Merge branch '12498_ed25519_keys_v6'

Fixed numerous conflicts, and ported code to use new base64 api.
This commit is contained in:
Nick Mathewson 2015-05-28 11:04:33 -04:00
commit 1b52e95028
59 changed files with 10370 additions and 463 deletions

View File

@ -1857,6 +1857,13 @@ is non-zero):
this. If this option is set to 0, Tor will try to pick a reasonable
default based on your system's physical memory. (Default: 0)
[[SigningKeyLifetime]] **SigningKeyLifetime** __N__ **days**|**weeks**|**months**::
For how long should each Ed25519 signing key be valid? Tor uses a
permanent master identity key that can be kept offline, and periodically
generates new "signing" keys that it uses online. This option
configures their lifetime.
(Default: 30 days)
DIRECTORY SERVER OPTIONS
------------------------
@ -2349,6 +2356,23 @@ The following options are used for running a testing Tor network.
authority on a testing network. Overrides the usual default lower bound
of 4 KB. (Default: 0)
[[TestingLinkCertLifetime]] **TestingLinkCertifetime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**|**months**::
Overrides the default lifetime for the certificates used to authenticate
our X509 link cert with our ed25519 signing key.
(Default: 2 days)
[[TestingAuthKeyLifetime]] **TestingAuthKeyLifetime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**|**months**::
Overrides the default lifetime for a signing Ed25519 TLS Link authentication
key.
(Default: 2 days)
[[TestingLinkKeySlop]] **TestingLinkKeySlop** __N__ **seconds**|**minutes**|**hours**::
[[TestingAuthKeySlop]] **TestingAuthKeySlop** __N__ **seconds**|**minutes**|**hours**::
[[TestingSigningKeySlop]] **TestingSigningKeySlop** __N__ **seconds**|**minutes**|**hours**::
How early before the official expiration of a an Ed25519 signing key do
we replace it and issue a new key?
(Default: 3 hours for link and auth; 1 day for signing.)
SIGNALS
-------

View File

@ -14,6 +14,18 @@ import binascii
import ctypes
import ctypes.util
import hashlib
import optparse
import os
import re
import struct
import time
import UserDict
import slow_ed25519
import slownacl_curve25519
import ed25519_exts_ref
# Pull in the openssl stuff we need.
crypt = ctypes.CDLL(ctypes.util.find_library('crypto'))
BIO_s_mem = crypt.BIO_s_mem
@ -24,6 +36,15 @@ BIO_new = crypt.BIO_new
BIO_new.argtypes = [ctypes.c_void_p]
BIO_new.restype = ctypes.c_void_p
crypt.BIO_free.argtypes = [ctypes.c_void_p]
crypt.BIO_free.restype = ctypes.c_int
crypt.BIO_ctrl.argtypes = [ctypes.c_void_p, ctypes.c_int, ctypes.c_long, ctypes.c_void_p ]
crypt.BIO_ctrl.restype = ctypes.c_long
crypt.PEM_write_bio_RSAPublicKey.argtypes = [ ctypes.c_void_p, ctypes.c_void_p ]
crypt.PEM_write_bio_RSAPublicKey.restype = ctypes.c_int
RSA_generate_key = crypt.RSA_generate_key
RSA_generate_key.argtypes = [ctypes.c_int, ctypes.c_ulong, ctypes.c_void_p, ctypes.c_void_p]
RSA_generate_key.restype = ctypes.c_void_p
@ -39,6 +60,14 @@ i2d_RSAPublicKey.argtypes = [
]
i2d_RSAPublicKey.restype = ctypes.c_int
def rsa_sign(msg, rsa):
buf = ctypes.create_string_buffer(1024)
n = RSA_private_encrypt(len(msg), msg, buf, rsa, 1)
if n <= 0:
raise Exception()
return buf.raw[:n]
def b64(x):
x = base64.b64encode(x)
res = []
@ -51,29 +80,188 @@ def bio_extract(bio):
length = crypt.BIO_ctrl(bio, 3, 0, ctypes.byref(buf))
return ctypes.string_at(buf, length)
def make_key(e=65537):
def make_rsa_key(e=65537):
rsa = crypt.RSA_generate_key(1024, e, None, None)
bio = BIO_new(BIO_s_mem())
crypt.PEM_write_bio_RSAPublicKey(bio, rsa)
pem = bio_extract(bio).rstrip()
crypt.BIO_free(bio)
buf = ctypes.create_string_buffer(1024)
pBuf = ctypes.c_char_p(ctypes.addressof(buf))
n = crypt.i2d_RSAPublicKey(rsa, ctypes.byref(pBuf))
s = buf.raw[:n]
digest = hashlib.sha1(s).digest()
return (rsa,pem,digest)
def makeEdSigningKeyCert(sk_master, pk_master, pk_signing, date,
includeSigning=False, certType=1):
assert len(pk_signing) == len(pk_master) == 32
expiration = struct.pack("!L", date//3600)
if includeSigning:
extensions = "\x01\x00\x20\x04\x00%s"%(pk_master)
else:
extensions = "\x00"
signed = "\x01%s%s\x01%s%s" % (
chr(certType), expiration, pk_signing, extensions)
signature = ed25519_exts_ref.signatureWithESK(signed, sk_master, pk_master)
assert len(signature) == 64
return signed+signature
def objwrap(identifier, body):
return ("-----BEGIN {0}-----\n"
"{1}"
"-----END {0}-----").format(identifier, body)
MAGIC1 = "<<<<<<MAGIC>>>>>>"
MAGIC2 = "<<<<<!#!#!#XYZZY#!#!#!>>>>>"
class OnDemandKeys(object):
def __init__(self, certDate=None):
if certDate is None:
certDate = time.time() + 86400
self.certDate = certDate
self.rsa_id = None
self.rsa_onion_key = None
self.ed_id_sk = None
self.ntor_sk = None
self.ntor_crosscert = None
self.rsa_crosscert_ed = None
self.rsa_crosscert_noed = None
@property
def RSA_IDENTITY(self):
if self.rsa_id is None:
self.rsa_id, self.rsa_ident_pem, self.rsa_id_digest = make_rsa_key()
return self.rsa_ident_pem
@property
def RSA_ID_DIGEST(self):
self.RSA_IDENTITY
return self.rsa_id_digest
@property
def RSA_FINGERPRINT_NOSPACE(self):
return binascii.b2a_hex(self.RSA_ID_DIGEST).upper()
@property
def RSA_ONION_KEY(self):
if self.rsa_onion_key is None:
self.rsa_onion_key, self.rsa_onion_pem, _ = make_rsa_key()
return self.rsa_onion_pem
@property
def RSA_FINGERPRINT(self):
hexdigest = self.RSA_FINGERPRINT_NOSPACEK
return " ".join(hexdigest[i:i+4] for i in range(0,len(hexdigest),4))
@property
def RSA_SIGNATURE(self):
return MAGIC1
@property
def ED_SIGNATURE(self):
return MAGIC2
@property
def NTOR_ONION_KEY(self):
if self.ntor_sk is None:
self.ntor_sk = slownacl_curve25519.Private()
self.ntor_pk = self.ntor_sk.get_public()
return base64.b64encode(self.ntor_pk.serialize())
@property
def ED_CERT(self):
if self.ed_id_sk is None:
self.ed_id_sk = ed25519_exts_ref.expandSK(os.urandom(32))
self.ed_signing_sk = ed25519_exts_ref.expandSK(os.urandom(32))
self.ed_id_pk = ed25519_exts_ref.publickeyFromESK(self.ed_id_sk)
self.ed_signing_pk = ed25519_exts_ref.publickeyFromESK(self.ed_signing_sk)
self.ed_cert = makeEdSigningKeyCert(self.ed_id_sk, self.ed_id_pk, self.ed_signing_pk, self.certDate, includeSigning=True, certType=4)
return objwrap('ED25519 CERT', b64(self.ed_cert))
@property
def NTOR_CROSSCERT(self):
if self.ntor_crosscert is None:
self.ED_CERT
self.NTOR_ONION_KEY
ed_privkey = self.ntor_sk.serialize() + os.urandom(32)
ed_pub0 = ed25519_exts_ref.publickeyFromESK(ed_privkey)
sign = (ord(ed_pub0[31]) & 255) >> 7
self.ntor_crosscert = makeEdSigningKeyCert(self.ntor_sk.serialize() + os.urandom(32), ed_pub0, self.ed_id_pk, self.certDate, certType=10)
self.ntor_crosscert_sign = sign
return objwrap('ED25519 CERT', b64(self.ntor_crosscert))
@property
def NTOR_CROSSCERT_SIGN(self):
self.NTOR_CROSSCERT
return self.ntor_crosscert_sign
@property
def RSA_CROSSCERT_NOED(self):
if self.rsa_crosscert_noed is None:
self.RSA_ONION_KEY
signed = self.RSA_ID_DIGEST
self.rsa_crosscert_noed = rsa_sign(signed, self.rsa_onion_key)
return objwrap("CROSSCERT",b64(self.rsa_crosscert_noed))
@property
def RSA_CROSSCERT_ED(self):
if self.rsa_crosscert_ed is None:
self.RSA_ONION_KEY
self.ED_CERT
signed = self.RSA_ID_DIGEST + self.ed_id_pk
self.rsa_crosscert_ed = rsa_sign(signed, self.rsa_onion_key)
return objwrap("CROSSCERT",b64(self.rsa_crosscert_ed))
def sign_desc(self, body):
idx = body.rfind("\nrouter-sig-ed25519 ")
if idx >= 0:
self.ED_CERT
signed_part = body[:idx+len("\nrouter-sig-ed25519 ")]
signed_part = "Tor router descriptor signature v1" + signed_part
digest = hashlib.sha256(signed_part).digest()
ed_sig = ed25519_exts_ref.signatureWithESK(digest,
self.ed_signing_sk, self.ed_signing_pk)
body = body.replace(MAGIC2, base64.b64encode(ed_sig).replace("=",""))
idx = body.rindex("\nrouter-signature")
end_of_sig = body.index("\n", idx+1)
signed_part = body[:end_of_sig+1]
digest = hashlib.sha1(signed_part).digest()
assert len(digest) == 20
rsasig = rsa_sign(digest, self.rsa_id)
body = body.replace(MAGIC1, objwrap("SIGNATURE", b64(rsasig)))
return body
def signdesc(body, args_out=None):
rsa, ident_pem, id_digest = make_key()
_, onion_pem, _ = make_key()
need_ed = '{ED25519-CERT}' in body or '{ED25519-SIGNATURE}' in body
if need_ed:
sk_master = os.urandom(32)
sk_signing = os.urandom(32)
pk_master = slow_ed25519.pubkey(sk_master)
pk_signing = slow_ed25519.pubkey(sk_signing)
hexdigest = binascii.b2a_hex(id_digest).upper()
fingerprint = " ".join(hexdigest[i:i+4] for i in range(0,len(hexdigest),4))
MAGIC = "<<<<<<MAGIC>>>>>>"
MORE_MAGIC = "<<<<<!#!#!#XYZZY#!#!#!>>>>>"
args = {
"RSA-IDENTITY" : ident_pem,
"ONION-KEY" : onion_pem,
@ -81,6 +269,11 @@ def signdesc(body, args_out=None):
"FINGERPRINT-NOSPACE" : hexdigest,
"RSA-SIGNATURE" : MAGIC
}
if need_ed:
args['ED25519-CERT'] = makeEdSigningKeyCert(
sk_master, pk_master, pk_signing)
args['ED25519-SIGNATURE'] = MORE_MAGIC
if args_out:
args_out.update(args)
body = body.format(**args)
@ -104,115 +297,55 @@ def signdesc(body, args_out=None):
return body.rstrip()
def emit_ri(name, body, args_out=None):
print "const char %s[] ="%name
body = "\n".join(line.rstrip() for line in body.split("\n"))+"\n"
b = signdesc(body, args_out)
for line in b.split("\n"):
print ' "%s\\n"'%line
def print_c_string(ident, body):
print "static const char %s[] =" % ident
for line in body.split("\n"):
print ' "%s\\n"' %(line)
print " ;"
def emit_ri(name, body):
info = OnDemandKeys()
body = body.format(d=info)
body = info.sign_desc(body)
print_c_string("EX_RI_%s"%name.upper(), body)
def emit_ei(name, body):
args = { 'NAME' : name }
emit_ri(name, body, args)
args['key'] = "\n".join(
' "%s\\n"'%line for line in args['RSA-IDENTITY'].split("\n"))
print """
const char {NAME}_fp[] = "{FINGERPRINT-NOSPACE}";
const char {NAME}_key[] =
{key};""".format(**args)
info = OnDemandKeys()
body = body.format(d=info)
body = info.sign_desc(body)
print_c_string("EX_EI_%s"%name.upper(), body)
if 0:
emit_ri("minimal",
"""\
router fred 127.0.0.1 9001 0 9002
signing-key
{RSA-IDENTITY}
onion-key
{ONION-KEY}
published 2014-10-05 12:00:00
bandwidth 1000 1000 1000
reject *:*
router-signature
{RSA-SIGNATURE}
""")
print 'const char EX_EI_{NAME}_FP[] = "{d.RSA_FINGERPRINT_NOSPACE}";'.format(
d=info, NAME=name.upper())
print_c_string("EX_EI_%s_KEY"%name.upper(), info.RSA_IDENTITY)
if 0:
emit_ri("maximal",
"""\
router fred 127.0.0.1 9001 0 9002
signing-key
{RSA-IDENTITY}
onion-key
{ONION-KEY}
published 2014-10-05 12:00:00
bandwidth 1000 1000 1000
reject 127.0.0.1:*
accept *:80
reject *:*
ipv6-policy accept 80,100,101
ntor-onion-key s7rSohmz9SXn8WWh1EefTHIsWePthsEntQi0WL+ScVw
uptime 1000
hibernating 0
unrecognized-keywords are just dandy in this format
platform Tor 0.2.4.23 on a Banana PC Jr 6000 Series
contact O.W.Jones
fingerprint {FINGERPRINT}
read-history 900 1,2,3,4
write-history 900 1,2,3,4
extra-info-digest AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
hidden-service-dir
allow-single-hop-exits
family $AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA $BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
caches-extra-info
or-address [::1:2:3:4]:9999
or-address 127.0.0.99:10000
opt fred is a fine router
router-signature
{RSA-SIGNATURE}
""")
def analyze(s):
fields = {}
while s.startswith(":::"):
first,s=s.split("\n", 1)
m = re.match(r'^:::(\w+)=(.*)',first)
if not m:
raise ValueError(first)
k,v = m.groups()
fields[k] = v
return fields, s
if 0:
emit_ei("maximal",
"""\
extra-info bob {FINGERPRINT-NOSPACE}
published 2014-10-05 20:07:00
opt foobarbaz
read-history 900 1,2,3
write-history 900 1,2,3
dirreq-v2-ips 1
dirreq-v3-ips 100
dirreq-v3-reqs blahblah
dirreq-v2-share blahblah
dirreq-v3-share blahblah
dirreq-v2-resp djfkdj
dirreq-v3-resp djfkdj
dirreq-v2-direct-dl djfkdj
dirreq-v3-direct-dl djfkdj
dirreq-v2-tunneled-dl djfkdj
dirreq-v3-tunneled-dl djfkdj
dirreq-stats-end foobar
entry-ips jfsdfds
entry-stats-end ksdflkjfdkf
cell-stats-end FOO
cell-processed-cells FOO
cell-queued-cells FOO
cell-time-in-queue FOO
cell-circuits-per-decile FOO
exit-stats-end FOO
exit-kibibytes-written FOO
exit-kibibytes-read FOO
exit-streams-opened FOO
router-signature
{RSA-SIGNATURE}
""")
def process_file(s):
fields, s = analyze(s)
try:
name = fields['name']
tp = fields['type']
except KeyError:
raise ValueError("missing required field")
if 0:
emit_ei("minimal",
"""\
extra-info bob {FINGERPRINT-NOSPACE}
published 2014-10-05 20:07:00
router-signature
{RSA-SIGNATURE}
""")
if tp == 'ei':
emit_ei(name, s)
elif tp == 'ri':
emit_ri(name, s)
else:
raise ValueError("unrecognized type")
if __name__ == '__main__':
import sys
for fn in sys.argv[1:]:
process_file(open(fn).read())

View File

@ -5,7 +5,7 @@ if test "x$TRUNNEL_PATH" != "x"; then
export PYTHONPATH
fi
python -m trunnel --require-version=1.2 ./src/trunnel/*.trunnel
python -m trunnel --require-version=1.4 ./src/trunnel/*.trunnel
python -m trunnel --require-version=1.2 --write-c-files --target-dir=./src/ext/trunnel/
python -m trunnel --require-version=1.4 --write-c-files --target-dir=./src/ext/trunnel/

View File

@ -208,6 +208,19 @@ smartlist_string_pos(const smartlist_t *sl, const char *element)
return -1;
}
/** If <b>element</b> is the same pointer as an element of <b>sl</b>, return
* that element's index. Otherwise, return -1. */
int
smartlist_pos(const smartlist_t *sl, const void *element)
{
int i;
if (!sl) return -1;
for (i=0; i < sl->num_used; i++)
if (element == sl->list[i])
return i;
return -1;
}
/** Return true iff <b>sl</b> has some element E such that
* !strcasecmp(E,<b>element</b>)
*/

View File

@ -38,6 +38,7 @@ void smartlist_reverse(smartlist_t *sl);
void smartlist_string_remove(smartlist_t *sl, const char *element);
int smartlist_contains(const smartlist_t *sl, const void *element);
int smartlist_contains_string(const smartlist_t *sl, const char *element);
int smartlist_pos(const smartlist_t *sl, const void *element);
int smartlist_string_pos(const smartlist_t *, const char *elt);
int smartlist_contains_string_case(const smartlist_t *sl, const char *element);
int smartlist_contains_int_as_string(const smartlist_t *sl, int num);

View File

@ -829,7 +829,7 @@ crypto_pk_public_exponent_ok(crypto_pk_t *env)
* Note that this may leak information about the keys through timing.
*/
int
crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b)
crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_pk_t *b)
{
int result;
char a_is_non_null = (a != NULL) && (a->key != NULL);
@ -855,19 +855,19 @@ crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b)
* Note that this may leak information about the keys through timing.
*/
int
crypto_pk_eq_keys(crypto_pk_t *a, crypto_pk_t *b)
crypto_pk_eq_keys(const crypto_pk_t *a, const crypto_pk_t *b)
{
return (crypto_pk_cmp_keys(a, b) == 0);
}
/** Return the size of the public key modulus in <b>env</b>, in bytes. */
size_t
crypto_pk_keysize(crypto_pk_t *env)
crypto_pk_keysize(const crypto_pk_t *env)
{
tor_assert(env);
tor_assert(env->key);
return (size_t) RSA_size(env->key);
return (size_t) RSA_size((RSA*)env->key);
}
/** Return the size of the public key modulus of <b>env</b>, in bits. */
@ -996,7 +996,7 @@ crypto_pk_private_decrypt(crypto_pk_t *env, char *to,
* at least the length of the modulus of <b>env</b>.
*/
int
crypto_pk_public_checksig(crypto_pk_t *env, char *to,
crypto_pk_public_checksig(const crypto_pk_t *env, char *to,
size_t tolen,
const char *from, size_t fromlen)
{
@ -1068,7 +1068,7 @@ crypto_pk_public_checksig_digest(crypto_pk_t *env, const char *data,
* at least the length of the modulus of <b>env</b>.
*/
int
crypto_pk_private_sign(crypto_pk_t *env, char *to, size_t tolen,
crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen)
{
int r;
@ -1083,7 +1083,7 @@ crypto_pk_private_sign(crypto_pk_t *env, char *to, size_t tolen,
r = RSA_private_encrypt((int)fromlen,
(unsigned char*)from, (unsigned char*)to,
env->key, RSA_PKCS1_PADDING);
(RSA*)env->key, RSA_PKCS1_PADDING);
if (r<0) {
crypto_log_errors(LOG_WARN, "generating RSA signature");
return -1;
@ -1297,7 +1297,7 @@ crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
unsigned char *buf = NULL;
int len;
len = i2d_RSAPublicKey(pk->key, &buf);
len = i2d_RSAPublicKey((RSA*)pk->key, &buf);
if (len < 0 || buf == NULL)
return -1;
if (crypto_digest(digest_out, (char*)buf, len) < 0) {
@ -1795,7 +1795,24 @@ crypto_digest_assign(crypto_digest_t *into,
* <b>out_len</b> must be \<= DIGEST256_LEN. */
void
crypto_digest_smartlist(char *digest_out, size_t len_out,
const smartlist_t *lst, const char *append,
const smartlist_t *lst,
const char *append,
digest_algorithm_t alg)
{
crypto_digest_smartlist_prefix(digest_out, len_out, NULL, lst, append, alg);
}
/** Given a list of strings in <b>lst</b>, set the <b>len_out</b>-byte digest
* at <b>digest_out</b> to the hash of the concatenation of: the
* optional string <b>prepend</b>, those strings,
* and the optional string <b>append</b>, computed with the algorithm
* <b>alg</b>.
* <b>out_len</b> must be \<= DIGEST256_LEN. */
void
crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
const char *prepend,
const smartlist_t *lst,
const char *append,
digest_algorithm_t alg)
{
crypto_digest_t *d;
@ -1803,6 +1820,8 @@ crypto_digest_smartlist(char *digest_out, size_t len_out,
d = crypto_digest_new();
else
d = crypto_digest256_new(alg);
if (prepend)
crypto_digest_add_bytes(d, prepend, strlen(prepend));
SMARTLIST_FOREACH(lst, const char *, cp,
crypto_digest_add_bytes(d, cp, strlen(cp)));
if (append)
@ -2673,6 +2692,65 @@ base64_encode(char *dest, size_t destlen, const char *src, size_t srclen,
return (int) enclen;
}
/** As base64_encode, but do not add any internal spaces or external padding
* to the output stream. */
int
base64_encode_nopad(char *dest, size_t destlen,
const uint8_t *src, size_t srclen)
{
int n = base64_encode(dest, destlen, (const char*) src, srclen, 0);
if (n <= 0)
return n;
tor_assert((size_t)n < destlen && dest[n] == 0);
char *in, *out;
in = out = dest;
while (*in) {
if (*in == '=' || *in == '\n') {
++in;
} else {
*out++ = *in++;
}
}
*out = 0;
tor_assert(out - dest <= INT_MAX);
return (int)(out - dest);
}
/** As base64_decode, but do not require any padding on the input */
int
base64_decode_nopad(uint8_t *dest, size_t destlen,
const char *src, size_t srclen)
{
if (srclen > SIZE_T_CEILING - 4)
return -1;
char *buf = tor_malloc(srclen + 4);
memcpy(buf, src, srclen+1);
size_t buflen;
switch (srclen % 4)
{
case 0:
default:
buflen = srclen;
break;
case 1:
tor_free(buf);
return -1;
case 2:
memcpy(buf+srclen, "==", 3);
buflen = srclen + 2;
break;
case 3:
memcpy(buf+srclen, "=", 2);
buflen = srclen + 1;
break;
}
int n = base64_decode((char*)dest, destlen, buf, buflen);
tor_free(buf);
return n;
}
#undef BASE64_OPENSSL_LINELEN
/** @{ */
@ -2797,6 +2875,7 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
/** Base64 encode DIGEST_LINE bytes from <b>digest</b>, remove the trailing =
* characters, and store the nul-terminated result in the first
* BASE64_DIGEST_LEN+1 bytes of <b>d64</b>. */
/* XXXX unify with crypto_format.c code */
int
digest_to_base64(char *d64, const char *digest)
{
@ -2810,6 +2889,7 @@ digest_to_base64(char *d64, const char *digest)
/** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
* trailing newline or = characters), decode it and store the result in the
* first DIGEST_LEN bytes at <b>digest</b>. */
/* XXXX unify with crypto_format.c code */
int
digest_from_base64(char *digest, const char *d64)
{
@ -2821,7 +2901,8 @@ digest_from_base64(char *digest, const char *d64)
/** Base64 encode DIGEST256_LINE bytes from <b>digest</b>, remove the
* trailing = characters, and store the nul-terminated result in the first
* BASE64_DIGEST256_LEN+1 bytes of <b>d64</b>. */
* BASE64_DIGEST256_LEN+1 bytes of <b>d64</b>. */
/* XXXX unify with crypto_format.c code */
int
digest256_to_base64(char *d64, const char *digest)
{
@ -2835,6 +2916,7 @@ digest256_to_base64(char *d64, const char *digest)
/** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
* trailing newline or = characters), decode it and store the result in the
* first DIGEST256_LEN bytes at <b>digest</b>. */
/* XXXX unify with crypto_format.c code */
int
digest256_from_base64(char *digest, const char *d64)
{

View File

@ -146,9 +146,9 @@ int crypto_pk_write_private_key_to_filename(crypto_pk_t *env,
const char *fname);
int crypto_pk_check_key(crypto_pk_t *env);
int crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b);
int crypto_pk_eq_keys(crypto_pk_t *a, crypto_pk_t *b);
size_t crypto_pk_keysize(crypto_pk_t *env);
int crypto_pk_cmp_keys(const crypto_pk_t *a, const crypto_pk_t *b);
int crypto_pk_eq_keys(const crypto_pk_t *a, const crypto_pk_t *b);
size_t crypto_pk_keysize(const crypto_pk_t *env);
int crypto_pk_num_bits(crypto_pk_t *env);
crypto_pk_t *crypto_pk_dup_key(crypto_pk_t *orig);
crypto_pk_t *crypto_pk_copy_full(crypto_pk_t *orig);
@ -160,11 +160,11 @@ int crypto_pk_public_encrypt(crypto_pk_t *env, char *to, size_t tolen,
int crypto_pk_private_decrypt(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen,
int padding, int warnOnFailure);
int crypto_pk_public_checksig(crypto_pk_t *env, char *to, size_t tolen,
int crypto_pk_public_checksig(const crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_pk_public_checksig_digest(crypto_pk_t *env, const char *data,
size_t datalen, const char *sig, size_t siglen);
int crypto_pk_private_sign(crypto_pk_t *env, char *to, size_t tolen,
int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
@ -209,6 +209,11 @@ int crypto_digest256(char *digest, const char *m, size_t len,
digest_algorithm_t algorithm);
int crypto_digest_all(digests_t *ds_out, const char *m, size_t len);
struct smartlist_t;
void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
const char *prepend,
const struct smartlist_t *lst,
const char *append,
digest_algorithm_t alg);
void crypto_digest_smartlist(char *digest_out, size_t len_out,
const struct smartlist_t *lst, const char *append,
digest_algorithm_t alg);
@ -278,6 +283,11 @@ size_t base64_encode_size(size_t srclen, int flags);
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen,
int flags);
int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen);
int base64_encode_nopad(char *dest, size_t destlen,
const uint8_t *src, size_t srclen);
int base64_decode_nopad(uint8_t *dest, size_t destlen,
const char *src, size_t srclen);
/** Characters that can appear (case-insensitively) in a base32 encoding. */
#define BASE32_CHARS "abcdefghijklmnopqrstuvwxyz234567"
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen);

View File

@ -351,3 +351,24 @@ ed25519_pubkey_read_from_file(ed25519_public_key_t *pubkey_out,
return 0;
}
/** Release all storage held for <b>kp</b>. */
void
ed25519_keypair_free(ed25519_keypair_t *kp)
{
if (! kp)
return;
memwipe(kp, 0, sizeof(*kp));
tor_free(kp);
}
/** Return true iff <b>key1</b> and <b>key2</b> are the same public key. */
int
ed25519_pubkey_eq(const ed25519_public_key_t *key1,
const ed25519_public_key_t *key2)
{
tor_assert(key1);
tor_assert(key2);
return tor_memeq(key1->pubkey, key2->pubkey, ED25519_PUBKEY_LEN);
}

View File

@ -6,6 +6,7 @@
#include "testsupport.h"
#include "torint.h"
#include "crypto_curve25519.h"
#define ED25519_PUBKEY_LEN 32
#define ED25519_SECKEY_LEN 64
@ -60,7 +61,7 @@ int ed25519_checksig(const ed25519_signature_t *signature,
*/
typedef struct {
/** The public key that supposedly generated the signature. */
ed25519_public_key_t *pubkey;
const ed25519_public_key_t *pubkey;
/** The signature to check. */
ed25519_signature_t signature;
/** The message that the signature is supposed to have been applied to. */
@ -87,13 +88,22 @@ int ed25519_public_blind(ed25519_public_key_t *out,
const ed25519_public_key_t *inp,
const uint8_t *param);
#define ED25519_BASE64_LEN 43
/* XXXX move these to crypto_format.h */
#define ED25519_BASE64_LEN 43
int ed25519_public_from_base64(ed25519_public_key_t *pkey,
const char *input);
int ed25519_public_to_base64(char *output,
const ed25519_public_key_t *pkey);
/* XXXX move these to crypto_format.h */
#define ED25519_SIG_BASE64_LEN 86
int ed25519_signature_from_base64(ed25519_signature_t *sig,
const char *input);
int ed25519_signature_to_base64(char *output,
const ed25519_signature_t *sig);
/* XXXX read encrypted, write encrypted. */
int ed25519_seckey_write_to_file(const ed25519_secret_key_t *seckey,
@ -109,5 +119,10 @@ int ed25519_pubkey_read_from_file(ed25519_public_key_t *pubkey_out,
char **tag_out,
const char *filename);
void ed25519_keypair_free(ed25519_keypair_t *kp);
int ed25519_pubkey_eq(const ed25519_public_key_t *key1,
const ed25519_public_key_t *key2);
#endif

View File

@ -65,3 +65,42 @@ ed25519_public_to_base64(char *output,
return digest256_to_base64(output, (const char *)pkey->pubkey);
}
/** Encode the signature <b>sig</b> into the buffer at <b>output</b>,
* which must have space for ED25519_SIG_BASE64_LEN bytes of encoded signature,
* plus one byte for a terminating NUL. Return 0 on success, -1 on failure.
*/
int
ed25519_signature_to_base64(char *output,
const ed25519_signature_t *sig)
{
char buf[256];
int n = base64_encode_nopad(buf, sizeof(buf), sig->sig, ED25519_SIG_LEN);
tor_assert(n == ED25519_SIG_BASE64_LEN);
memcpy(output, buf, ED25519_SIG_BASE64_LEN+1);
return 0;
}
/** Try to decode the string <b>input</b> into an ed25519 signature. On
* success, store the value in <b>sig</b> and return 0. Otherwise return
* -1. */
int
ed25519_signature_from_base64(ed25519_signature_t *sig,
const char *input)
{
if (strlen(input) != ED25519_SIG_BASE64_LEN)
return -1;
char buf[ED25519_SIG_BASE64_LEN+3];
memcpy(buf, input, ED25519_SIG_BASE64_LEN);
buf[ED25519_SIG_BASE64_LEN+0] = '=';
buf[ED25519_SIG_BASE64_LEN+1] = '=';
buf[ED25519_SIG_BASE64_LEN+2] = 0;
char decoded[128];
int n = base64_decode(decoded, sizeof(decoded), buf, strlen(buf));
if (n < 0 || n != ED25519_SIG_LEN)
return -1;
memcpy(sig->sig, decoded, ED25519_SIG_LEN);
return 0;
}

View File

@ -117,7 +117,7 @@
#endif
/** Structure that we use for a single certificate. */
struct tor_cert_t {
struct tor_x509_cert_t {
X509 *cert;
uint8_t *encoded;
size_t encoded_len;
@ -132,9 +132,9 @@ struct tor_cert_t {
typedef struct tor_tls_context_t {
int refcnt;
SSL_CTX *ctx;
tor_cert_t *my_link_cert;
tor_cert_t *my_id_cert;
tor_cert_t *my_auth_cert;
tor_x509_cert_t *my_link_cert;
tor_x509_cert_t *my_id_cert;
tor_x509_cert_t *my_auth_cert;
crypto_pk_t *link_key;
crypto_pk_t *auth_key;
} tor_tls_context_t;
@ -765,7 +765,7 @@ static const int N_CLIENT_CIPHERS = ARRAY_LENGTH(CLIENT_CIPHER_INFO_LIST);
/** Free all storage held in <b>cert</b> */
void
tor_cert_free(tor_cert_t *cert)
tor_x509_cert_free(tor_x509_cert_t *cert)
{
if (! cert)
return;
@ -777,14 +777,14 @@ tor_cert_free(tor_cert_t *cert)
}
/**
* Allocate a new tor_cert_t to hold the certificate "x509_cert".
* Allocate a new tor_x509_cert_t to hold the certificate "x509_cert".
*
* Steals a reference to x509_cert.
*/
static tor_cert_t *
tor_cert_new(X509 *x509_cert)
static tor_x509_cert_t *
tor_x509_cert_new(X509 *x509_cert)
{
tor_cert_t *cert;
tor_x509_cert_t *cert;
EVP_PKEY *pkey;
RSA *rsa;
int length;
@ -794,7 +794,7 @@ tor_cert_new(X509 *x509_cert)
return NULL;
length = i2d_X509(x509_cert, &buf);
cert = tor_malloc_zero(sizeof(tor_cert_t));
cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
if (length <= 0 || buf == NULL) {
tor_free(cert);
log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate");
@ -824,14 +824,14 @@ tor_cert_new(X509 *x509_cert)
}
/** Read a DER-encoded X509 cert, of length exactly <b>certificate_len</b>,
* from a <b>certificate</b>. Return a newly allocated tor_cert_t on success
* and NULL on failure. */
tor_cert_t *
tor_cert_decode(const uint8_t *certificate, size_t certificate_len)
* from a <b>certificate</b>. Return a newly allocated tor_x509_cert_t on
* success and NULL on failure. */
tor_x509_cert_t *
tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len)
{
X509 *x509;
const unsigned char *cp = (const unsigned char *)certificate;
tor_cert_t *newcert;
tor_x509_cert_t *newcert;
tor_assert(certificate);
check_no_tls_errors();
@ -846,14 +846,14 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len)
X509_free(x509);
goto err; /* Didn't use all the bytes */
}
newcert = tor_cert_new(x509);
newcert = tor_x509_cert_new(x509);
if (!newcert) {
goto err;
}
if (newcert->encoded_len != certificate_len ||
fast_memneq(newcert->encoded, certificate, certificate_len)) {
/* Cert wasn't in DER */
tor_cert_free(newcert);
tor_x509_cert_free(newcert);
goto err;
}
return newcert;
@ -865,7 +865,7 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len)
/** Set *<b>encoded_out</b> and *<b>size_out</b> to <b>cert</b>'s encoded DER
* representation and length, respectively. */
void
tor_cert_get_der(const tor_cert_t *cert,
tor_x509_cert_get_der(const tor_x509_cert_t *cert,
const uint8_t **encoded_out, size_t *size_out)
{
tor_assert(cert);
@ -878,7 +878,7 @@ tor_cert_get_der(const tor_cert_t *cert,
/** Return a set of digests for the public key in <b>cert</b>, or NULL if this
* cert's public key is not one we know how to take the digest of. */
const digests_t *
tor_cert_get_id_digests(const tor_cert_t *cert)
tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)
{
if (cert->pkey_digests_set)
return &cert->pkey_digests;
@ -888,7 +888,7 @@ tor_cert_get_id_digests(const tor_cert_t *cert)
/** Return a set of digests for the public key in <b>cert</b>. */
const digests_t *
tor_cert_get_cert_digests(const tor_cert_t *cert)
tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert)
{
return &cert->cert_digests;
}
@ -901,9 +901,9 @@ tor_tls_context_decref(tor_tls_context_t *ctx)
tor_assert(ctx);
if (--ctx->refcnt == 0) {
SSL_CTX_free(ctx->ctx);
tor_cert_free(ctx->my_link_cert);
tor_cert_free(ctx->my_id_cert);
tor_cert_free(ctx->my_auth_cert);
tor_x509_cert_free(ctx->my_link_cert);
tor_x509_cert_free(ctx->my_id_cert);
tor_x509_cert_free(ctx->my_auth_cert);
crypto_pk_free(ctx->link_key);
crypto_pk_free(ctx->auth_key);
tor_free(ctx);
@ -917,8 +917,8 @@ tor_tls_context_decref(tor_tls_context_t *ctx)
* client mode. */
int
tor_tls_get_my_certs(int server,
const tor_cert_t **link_cert_out,
const tor_cert_t **id_cert_out)
const tor_x509_cert_t **link_cert_out,
const tor_x509_cert_t **id_cert_out)
{
tor_tls_context_t *ctx = server ? server_tls_context : client_tls_context;
if (! ctx)
@ -947,7 +947,7 @@ tor_tls_get_my_client_auth_key(void)
* certifies. Return NULL if the cert's key is not RSA.
*/
crypto_pk_t *
tor_tls_cert_get_key(tor_cert_t *cert)
tor_tls_cert_get_key(tor_x509_cert_t *cert)
{
crypto_pk_t *result = NULL;
EVP_PKEY *pkey = X509_get_pubkey(cert->cert);
@ -967,8 +967,8 @@ tor_tls_cert_get_key(tor_cert_t *cert)
/** Return true iff the other side of <b>tls</b> has authenticated to us, and
* the key certified in <b>cert</b> is the same as the key they used to do it.
*/
int
tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert)
MOCK_IMPL(int,
tor_tls_cert_matches_key,(const tor_tls_t *tls, const tor_x509_cert_t *cert))
{
X509 *peercert = SSL_get_peer_certificate(tls->ssl);
EVP_PKEY *link_key = NULL, *cert_key = NULL;
@ -997,8 +997,8 @@ tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert)
* we couldn't check it. */
int
tor_tls_cert_is_valid(int severity,
const tor_cert_t *cert,
const tor_cert_t *signing_cert,
const tor_x509_cert_t *cert,
const tor_x509_cert_t *signing_cert,
int check_rsa_1024)
{
check_no_tls_errors();
@ -1209,9 +1209,9 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
result = tor_malloc_zero(sizeof(tor_tls_context_t));
result->refcnt = 1;
if (!is_client) {
result->my_link_cert = tor_cert_new(X509_dup(cert));
result->my_id_cert = tor_cert_new(X509_dup(idcert));
result->my_auth_cert = tor_cert_new(X509_dup(authcert));
result->my_link_cert = tor_x509_cert_new(X509_dup(cert));
result->my_id_cert = tor_x509_cert_new(X509_dup(idcert));
result->my_auth_cert = tor_x509_cert_new(X509_dup(authcert));
if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert)
goto error;
result->link_key = crypto_pk_dup_key(rsa);
@ -2346,15 +2346,15 @@ tor_tls_peer_has_cert(tor_tls_t *tls)
}
/** Return the peer certificate, or NULL if there isn't one. */
tor_cert_t *
tor_tls_get_peer_cert(tor_tls_t *tls)
MOCK_IMPL(tor_x509_cert_t *,
tor_tls_get_peer_cert,(tor_tls_t *tls))
{
X509 *cert;
cert = SSL_get_peer_certificate(tls->ssl);
tls_log_errors(tls, LOG_WARN, LD_HANDSHAKE, "getting peer certificate");
if (!cert)
return NULL;
return tor_cert_new(cert);
return tor_x509_cert_new(cert);
}
/** Warn that a certificate lifetime extends through a certain range. */
@ -2772,8 +2772,8 @@ tor_tls_server_got_renegotiate(tor_tls_t *tls)
* the v3 handshake to prove that the client knows the TLS secrets for the
* connection <b>tls</b>. Return 0 on success, -1 on failure.
*/
int
tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
MOCK_IMPL(int,
tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out))
{
#define TLSSECRET_MAGIC "Tor V3 handshake TLS cross-certification"
char buf[128];

View File

@ -19,7 +19,7 @@
typedef struct tor_tls_t tor_tls_t;
/* Opaque structure to hold an X509 certificate. */
typedef struct tor_cert_t tor_cert_t;
typedef struct tor_x509_cert_t tor_x509_cert_t;
/* Possible return values for most tor_tls_* functions. */
#define MIN_TOR_TLS_ERROR_VAL_ -9
@ -72,7 +72,7 @@ void tor_tls_set_renegotiate_callback(tor_tls_t *tls,
int tor_tls_is_server(tor_tls_t *tls);
void tor_tls_free(tor_tls_t *tls);
int tor_tls_peer_has_cert(tor_tls_t *tls);
tor_cert_t *tor_tls_get_peer_cert(tor_tls_t *tls);
MOCK_DECL(tor_x509_cert_t *,tor_tls_get_peer_cert,(tor_tls_t *tls));
int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
int tor_tls_check_lifetime(int severity,
tor_tls_t *tls, int past_tolerance,
@ -102,7 +102,7 @@ int tor_tls_used_v1_handshake(tor_tls_t *tls);
int tor_tls_received_v3_certificate(tor_tls_t *tls);
int tor_tls_get_num_server_handshakes(tor_tls_t *tls);
int tor_tls_server_got_renegotiate(tor_tls_t *tls);
int tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out);
MOCK_DECL(int,tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out));
/* Log and abort if there are unhandled TLS errors in OpenSSL's error stack.
*/
@ -120,22 +120,23 @@ struct bufferevent *tor_tls_init_bufferevent(tor_tls_t *tls,
int filter);
#endif
void tor_cert_free(tor_cert_t *cert);
tor_cert_t *tor_cert_decode(const uint8_t *certificate,
void tor_x509_cert_free(tor_x509_cert_t *cert);
tor_x509_cert_t *tor_x509_cert_decode(const uint8_t *certificate,
size_t certificate_len);
void tor_cert_get_der(const tor_cert_t *cert,
void tor_x509_cert_get_der(const tor_x509_cert_t *cert,
const uint8_t **encoded_out, size_t *size_out);
const digests_t *tor_cert_get_id_digests(const tor_cert_t *cert);
const digests_t *tor_cert_get_cert_digests(const tor_cert_t *cert);
const digests_t *tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert);
const digests_t *tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert);
int tor_tls_get_my_certs(int server,
const tor_cert_t **link_cert_out,
const tor_cert_t **id_cert_out);
const tor_x509_cert_t **link_cert_out,
const tor_x509_cert_t **id_cert_out);
crypto_pk_t *tor_tls_get_my_client_auth_key(void);
crypto_pk_t *tor_tls_cert_get_key(tor_cert_t *cert);
int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert);
crypto_pk_t *tor_tls_cert_get_key(tor_x509_cert_t *cert);
MOCK_DECL(int,tor_tls_cert_matches_key,(const tor_tls_t *tls,
const tor_x509_cert_t *cert));
int tor_tls_cert_is_valid(int severity,
const tor_cert_t *cert,
const tor_cert_t *signing_cert,
const tor_x509_cert_t *cert,
const tor_x509_cert_t *signing_cert,
int check_rsa_1024);
const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);

View File

@ -4431,10 +4431,10 @@ channel_num_circuits(channel_t *chan)
* This is called when setting up a channel and replaces the old
* connection_or_set_circid_type()
*/
void
channel_set_circid_type(channel_t *chan,
crypto_pk_t *identity_rcvd,
int consider_identity)
MOCK_IMPL(void,
channel_set_circid_type,(channel_t *chan,
crypto_pk_t *identity_rcvd,
int consider_identity))
{
int started_here;
crypto_pk_t *our_identity;

View File

@ -562,8 +562,9 @@ int channel_matches_extend_info(channel_t *chan, extend_info_t *extend_info);
int channel_matches_target_addr_for_extend(channel_t *chan,
const tor_addr_t *target);
unsigned int channel_num_circuits(channel_t *chan);
void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd,
int consider_identity);
MOCK_DECL(void,channel_set_circid_type,(channel_t *chan,
crypto_pk_t *identity_rcvd,
int consider_identity));
void channel_timestamp_client(channel_t *chan);
void channel_update_xmit_queue_size(channel_t *chan);

View File

@ -13,6 +13,8 @@
#define TOR_CHANNEL_INTERNAL_
#define CHANNELTLS_PRIVATE
#include "or.h"
#include "channel.h"
#include "channeltls.h"
@ -22,6 +24,7 @@
#include "connection.h"
#include "connection_or.h"
#include "control.h"
#include "link_handshake.h"
#include "relay.h"
#include "rephist.h"
#include "router.h"
@ -48,9 +51,6 @@ uint64_t stats_n_authorize_cells_processed = 0;
/** Active listener, if any */
channel_listener_t *channel_tls_listener = NULL;
/* Utility function declarations */
static void channel_tls_common_init(channel_tls_t *tlschan);
/* channel_tls_t method declarations */
static void channel_tls_close_method(channel_t *chan);
@ -92,12 +92,6 @@ static void channel_tls_process_versions_cell(var_cell_t *cell,
channel_tls_t *tlschan);
static void channel_tls_process_netinfo_cell(cell_t *cell,
channel_tls_t *tlschan);
static void channel_tls_process_certs_cell(var_cell_t *cell,
channel_tls_t *tlschan);
static void channel_tls_process_auth_challenge_cell(var_cell_t *cell,
channel_tls_t *tlschan);
static void channel_tls_process_authenticate_cell(var_cell_t *cell,
channel_tls_t *tlschan);
static int command_allowed_before_handshake(uint8_t command);
static int enter_v3_handshake_with_cell(var_cell_t *cell,
channel_tls_t *tlschan);
@ -107,7 +101,7 @@ static int enter_v3_handshake_with_cell(var_cell_t *cell,
* and channel_tls_handle_incoming().
*/
static void
STATIC void
channel_tls_common_init(channel_tls_t *tlschan)
{
channel_t *chan;
@ -1747,16 +1741,17 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
* If it's the server side, wait for an AUTHENTICATE cell.
*/
static void
STATIC void
channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
{
tor_cert_t *link_cert = NULL;
tor_cert_t *id_cert = NULL;
tor_cert_t *auth_cert = NULL;
uint8_t *ptr;
#define MAX_CERT_TYPE_WANTED OR_CERT_TYPE_AUTH_1024
tor_x509_cert_t *certs[MAX_CERT_TYPE_WANTED + 1];
int n_certs, i;
certs_cell_t *cc = NULL;
int send_netinfo = 0;
memset(certs, 0, sizeof(certs));
tor_assert(cell);
tor_assert(chan);
tor_assert(chan->conn);
@ -1786,63 +1781,41 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
if (cell->circ_id)
ERR("It had a nonzero circuit ID");
n_certs = cell->payload[0];
ptr = cell->payload + 1;
if (certs_cell_parse(&cc, cell->payload, cell->payload_len) < 0)
ERR("It couldn't be parsed.");
n_certs = cc->n_certs;
for (i = 0; i < n_certs; ++i) {
uint8_t cert_type;
uint16_t cert_len;
if (cell->payload_len < 3)
goto truncated;
if (ptr > cell->payload + cell->payload_len - 3) {
goto truncated;
}
cert_type = *ptr;
cert_len = ntohs(get_uint16(ptr+1));
if (cell->payload_len < 3 + cert_len)
goto truncated;
if (ptr > cell->payload + cell->payload_len - cert_len - 3) {
goto truncated;
}
if (cert_type == OR_CERT_TYPE_TLS_LINK ||
cert_type == OR_CERT_TYPE_ID_1024 ||
cert_type == OR_CERT_TYPE_AUTH_1024) {
tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len);
if (!cert) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Received undecodable certificate in CERTS cell from %s:%d",
safe_str(chan->conn->base_.address),
chan->conn->base_.port);
certs_cell_cert_t *c = certs_cell_get_certs(cc, i);
uint16_t cert_type = c->cert_type;
uint16_t cert_len = c->cert_len;
uint8_t *cert_body = certs_cell_cert_getarray_body(c);
if (cert_type > MAX_CERT_TYPE_WANTED)
continue;
tor_x509_cert_t *cert = tor_x509_cert_decode(cert_body, cert_len);
if (!cert) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Received undecodable certificate in CERTS cell from %s:%d",
safe_str(chan->conn->base_.address),
chan->conn->base_.port);
} else {
if (certs[cert_type]) {
tor_x509_cert_free(cert);
ERR("Duplicate x509 certificate");
} else {
if (cert_type == OR_CERT_TYPE_TLS_LINK) {
if (link_cert) {
tor_cert_free(cert);
ERR("Too many TLS_LINK certificates");
}
link_cert = cert;
} else if (cert_type == OR_CERT_TYPE_ID_1024) {
if (id_cert) {
tor_cert_free(cert);
ERR("Too many ID_1024 certificates");
}
id_cert = cert;
} else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
if (auth_cert) {
tor_cert_free(cert);
ERR("Too many AUTH_1024 certificates");
}
auth_cert = cert;
} else {
tor_cert_free(cert);
}
certs[cert_type] = cert;
}
}
ptr += 3 + cert_len;
continue;
truncated:
ERR("It ends in the middle of a certificate");
}
tor_x509_cert_t *id_cert = certs[OR_CERT_TYPE_ID_1024];
tor_x509_cert_t *auth_cert = certs[OR_CERT_TYPE_AUTH_1024];
tor_x509_cert_t *link_cert = certs[OR_CERT_TYPE_TLS_LINK];
if (chan->conn->handshake_state->started_here) {
int severity;
if (! (id_cert && link_cert))
@ -1867,7 +1840,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
chan->conn->handshake_state->authenticated = 1;
{
const digests_t *id_digests = tor_cert_get_id_digests(id_cert);
const digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert);
crypto_pk_t *identity_rcvd;
if (!id_digests)
ERR("Couldn't compute digests for key in ID cert");
@ -1891,7 +1864,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
safe_str(chan->conn->base_.address), chan->conn->base_.port);
chan->conn->handshake_state->id_cert = id_cert;
id_cert = NULL;
certs[OR_CERT_TYPE_ID_1024] = NULL;
if (!public_server_mode(get_options())) {
/* If we initiated the connection and we are not a public server, we
@ -1918,7 +1891,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
chan->conn->handshake_state->id_cert = id_cert;
chan->conn->handshake_state->auth_cert = auth_cert;
id_cert = auth_cert = NULL;
certs[OR_CERT_TYPE_ID_1024] = certs[OR_CERT_TYPE_AUTH_1024] = NULL;
}
chan->conn->handshake_state->received_certs_cell = 1;
@ -1932,9 +1905,10 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
}
err:
tor_cert_free(id_cert);
tor_cert_free(link_cert);
tor_cert_free(auth_cert);
for (unsigned i = 0; i < ARRAY_LENGTH(certs); ++i) {
tor_x509_cert_free(certs[i]);
}
certs_cell_free(cc);
#undef ERR
}
@ -1949,11 +1923,11 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
* want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell.
*/
static void
STATIC void
channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
{
int n_types, i, use_type = -1;
uint8_t *cp;
auth_challenge_cell_t *ac = NULL;
tor_assert(cell);
tor_assert(chan);
@ -1966,7 +1940,7 @@ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
safe_str(chan->conn->base_.address), \
chan->conn->base_.port, (s)); \
connection_or_close_for_error(chan->conn, 0); \
return; \
goto done; \
} while (0)
if (chan->conn->base_.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
@ -1979,19 +1953,17 @@ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
ERR("We already received one");
if (!(chan->conn->handshake_state->received_certs_cell))
ERR("We haven't gotten a CERTS cell yet");
if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2)
ERR("It was too short");
if (cell->circ_id)
ERR("It had a nonzero circuit ID");
n_types = ntohs(get_uint16(cell->payload + OR_AUTH_CHALLENGE_LEN));
if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2 + 2*n_types)
ERR("It looks truncated");
if (auth_challenge_cell_parse(&ac, cell->payload, cell->payload_len) < 0)
ERR("It was not well-formed.");
n_types = ac->n_methods;
/* Now see if there is an authentication type we can use */
cp = cell->payload+OR_AUTH_CHALLENGE_LEN + 2;
for (i = 0; i < n_types; ++i, cp += 2) {
uint16_t authtype = ntohs(get_uint16(cp));
for (i = 0; i < n_types; ++i) {
uint16_t authtype = auth_challenge_cell_get_methods(ac, i);
if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET)
use_type = authtype;
}
@ -2002,7 +1974,7 @@ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
/* If we're not a public server then we don't want to authenticate on a
connection we originated, and we already sent a NETINFO cell when we
got the CERTS cell. We have nothing more to do. */
return;
goto done;
}
if (use_type >= 0) {
@ -2016,7 +1988,7 @@ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
log_warn(LD_OR,
"Couldn't send authenticate cell");
connection_or_close_for_error(chan->conn, 0);
return;
goto done;
}
} else {
log_info(LD_OR,
@ -2029,9 +2001,12 @@ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
if (connection_or_send_netinfo(chan->conn) < 0) {
log_warn(LD_OR, "Couldn't send netinfo cell");
connection_or_close_for_error(chan->conn, 0);
return;
goto done;
}
done:
auth_challenge_cell_free(ac);
#undef ERR
}
@ -2045,10 +2020,10 @@ channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
* the identity of the router on the other side of the connection.
*/
static void
STATIC void
channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
{
uint8_t expected[V3_AUTH_FIXED_PART_LEN];
uint8_t expected[V3_AUTH_FIXED_PART_LEN+256];
const uint8_t *auth;
int authlen;
@ -2104,11 +2079,13 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
if (authlen < V3_AUTH_BODY_LEN + 1)
ERR("Authenticator was too short");
if (connection_or_compute_authenticate_cell_body(
chan->conn, expected, sizeof(expected), NULL, 1) < 0)
ssize_t bodylen =
connection_or_compute_authenticate_cell_body(
chan->conn, expected, sizeof(expected), NULL, 1);
if (bodylen < 0 || bodylen != V3_AUTH_FIXED_PART_LEN)
ERR("Couldn't compute expected AUTHENTICATE cell body");
if (tor_memneq(expected, auth, sizeof(expected)))
if (tor_memneq(expected, auth, bodylen))
ERR("Some field in the AUTHENTICATE cell body was not as expected");
{
@ -2154,7 +2131,7 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
crypto_pk_t *identity_rcvd =
tor_tls_cert_get_key(chan->conn->handshake_state->id_cert);
const digests_t *id_digests =
tor_cert_get_id_digests(chan->conn->handshake_state->id_cert);
tor_x509_cert_get_id_digests(chan->conn->handshake_state->id_cert);
/* This must exist; we checked key type when reading the cert. */
tor_assert(id_digests);

View File

@ -52,5 +52,15 @@ void channel_tls_update_marks(or_connection_t *conn);
/* Cleanup at shutdown */
void channel_tls_free_all(void);
#ifdef CHANNELTLS_PRIVATE
STATIC void channel_tls_process_certs_cell(var_cell_t *cell,
channel_tls_t *tlschan);
STATIC void channel_tls_process_auth_challenge_cell(var_cell_t *cell,
channel_tls_t *tlschan);
STATIC void channel_tls_common_init(channel_tls_t *tlschan);
STATIC void channel_tls_process_authenticate_cell(var_cell_t *cell,
channel_tls_t *tlschan);
#endif
#endif

View File

@ -300,6 +300,7 @@ static config_var_t option_vars_[] = {
VAR("ServerTransportPlugin", LINELIST, ServerTransportPlugin, NULL),
V(ServerTransportListenAddr, LINELIST, NULL),
V(ServerTransportOptions, LINELIST, NULL),
V(SigningKeyLifetime, INTERVAL, "30 days"),
V(Socks4Proxy, STRING, NULL),
V(Socks5Proxy, STRING, NULL),
V(Socks5ProxyUsername, STRING, NULL),
@ -358,6 +359,13 @@ static config_var_t option_vars_[] = {
V(TestingTorNetwork, BOOL, "0"),
V(TestingMinExitFlagThreshold, MEMUNIT, "0"),
V(TestingMinFastFlagThreshold, MEMUNIT, "0"),
V(TestingLinkCertLifetime, INTERVAL, "2 days"),
V(TestingAuthKeyLifetime, INTERVAL, "2 days"),
V(TestingLinkKeySlop, INTERVAL, "3 hours"),
V(TestingAuthKeySlop, INTERVAL, "3 hours"),
V(TestingSigningKeySlop, INTERVAL, "1 day"),
V(OptimisticData, AUTOBOOL, "auto"),
V(PortForwarding, BOOL, "0"),
V(PortForwardingHelper, FILENAME, "tor-fw-helper"),
@ -3688,8 +3696,20 @@ options_validate(or_options_t *old_options, or_options_t *options,
CHECK_DEFAULT(TestingDescriptorMaxDownloadTries);
CHECK_DEFAULT(TestingMicrodescMaxDownloadTries);
CHECK_DEFAULT(TestingCertMaxDownloadTries);
CHECK_DEFAULT(TestingAuthKeyLifetime);
CHECK_DEFAULT(TestingLinkCertLifetime);
CHECK_DEFAULT(TestingSigningKeySlop);
CHECK_DEFAULT(TestingAuthKeySlop);
CHECK_DEFAULT(TestingLinkKeySlop);
#undef CHECK_DEFAULT
if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2)
REJECT("SigningKeyLifetime is too short.");
if (options->TestingLinkCertLifetime < options->TestingAuthKeySlop*2)
REJECT("LinkCertLifetime is too short.");
if (options->TestingAuthKeyLifetime < options->TestingLinkKeySlop*2)
REJECT("TestingAuthKeyLifetime is too short.");
if (options->TestingV3AuthInitialVotingInterval
< MIN_VOTE_INTERVAL_TESTING_INITIAL) {
REJECT("TestingV3AuthInitialVotingInterval is insanely low.");

View File

@ -61,6 +61,10 @@ char *options_get_datadir_fname2_suffix(const or_options_t *options,
* get_datadir_fname2_suffix. */
#define get_datadir_fname2(sub1,sub2) \
get_datadir_fname2_suffix((sub1), (sub2), NULL)
/** Return a newly allocated string containing datadir/sub1/sub2 relative to
* opts. See get_datadir_fname2_suffix. */
#define options_get_datadir_fname2(opts,sub1,sub2) \
options_get_datadir_fname2_suffix((opts),(sub1), (sub2), NULL)
/** Return a newly allocated string containing datadir/sub1suffix. See
* get_datadir_fname2_suffix. */
#define get_datadir_fname_suffix(sub1, suffix) \

View File

@ -30,6 +30,7 @@
#include "entrynodes.h"
#include "geoip.h"
#include "main.h"
#include "link_handshake.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "reasons.h"
@ -1318,8 +1319,8 @@ connection_or_close_normally(or_connection_t *orconn, int flush)
* the error state.
*/
void
connection_or_close_for_error(or_connection_t *orconn, int flush)
MOCK_IMPL(void,
connection_or_close_for_error,(or_connection_t *orconn, int flush))
{
channel_t *chan = NULL;
@ -1879,8 +1880,8 @@ or_handshake_state_free(or_handshake_state_t *state)
return;
crypto_digest_free(state->digest_sent);
crypto_digest_free(state->digest_received);
tor_cert_free(state->auth_cert);
tor_cert_free(state->id_cert);
tor_x509_cert_free(state->auth_cert);
tor_x509_cert_free(state->id_cert);
memwipe(state, 0xBE, sizeof(or_handshake_state_t));
tor_free(state);
}
@ -2013,9 +2014,9 @@ connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
* <b>conn</b>'s outbuf. Right now, this <em>DOES NOT</em> support cells that
* affect a circuit.
*/
void
connection_or_write_var_cell_to_buf(const var_cell_t *cell,
or_connection_t *conn)
MOCK_IMPL(void,
connection_or_write_var_cell_to_buf,(const var_cell_t *cell,
or_connection_t *conn))
{
int n;
char hdr[VAR_CELL_MAX_HEADER_SIZE];
@ -2158,8 +2159,8 @@ connection_or_send_versions(or_connection_t *conn, int v3_plus)
/** Send a NETINFO cell on <b>conn</b>, telling the other server what we know
* about their address, our address, and the current time. */
int
connection_or_send_netinfo(or_connection_t *conn)
MOCK_IMPL(int,
connection_or_send_netinfo,(or_connection_t *conn))
{
cell_t cell;
time_t now = time(NULL);
@ -2228,7 +2229,7 @@ connection_or_send_netinfo(or_connection_t *conn)
int
connection_or_send_certs_cell(or_connection_t *conn)
{
const tor_cert_t *link_cert = NULL, *id_cert = NULL;
const tor_x509_cert_t *link_cert = NULL, *id_cert = NULL;
const uint8_t *link_encoded = NULL, *id_encoded = NULL;
size_t link_len, id_len;
var_cell_t *cell;
@ -2243,8 +2244,8 @@ connection_or_send_certs_cell(or_connection_t *conn)
server_mode = ! conn->handshake_state->started_here;
if (tor_tls_get_my_certs(server_mode, &link_cert, &id_cert) < 0)
return -1;
tor_cert_get_der(link_cert, &link_encoded, &link_len);
tor_cert_get_der(id_cert, &id_encoded, &id_len);
tor_x509_cert_get_der(link_cert, &link_encoded, &link_len);
tor_x509_cert_get_der(id_cert, &id_encoded, &id_len);
cell_len = 1 /* 1 byte: num certs in cell */ +
2 * ( 1 + 2 ) /* For each cert: 1 byte for type, 2 for length */ +
@ -2280,28 +2281,37 @@ connection_or_send_certs_cell(or_connection_t *conn)
int
connection_or_send_auth_challenge_cell(or_connection_t *conn)
{
var_cell_t *cell;
uint8_t *cp;
uint8_t challenge[OR_AUTH_CHALLENGE_LEN];
var_cell_t *cell = NULL;
int r = -1;
tor_assert(conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3);
if (! conn->handshake_state)
return -1;
if (crypto_rand((char*)challenge, OR_AUTH_CHALLENGE_LEN) < 0)
return -1;
cell = var_cell_new(OR_AUTH_CHALLENGE_LEN + 4);
auth_challenge_cell_t *ac = auth_challenge_cell_new();
if (crypto_rand((char*)ac->challenge, sizeof(ac->challenge)) < 0)
goto done;
auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_TLSSECRET);
auth_challenge_cell_set_n_methods(ac,
auth_challenge_cell_getlen_methods(ac));
cell = var_cell_new(auth_challenge_cell_encoded_len(ac));
ssize_t len = auth_challenge_cell_encode(cell->payload, cell->payload_len,
ac);
if (len != cell->payload_len)
goto done;
cell->command = CELL_AUTH_CHALLENGE;
memcpy(cell->payload, challenge, OR_AUTH_CHALLENGE_LEN);
cp = cell->payload + OR_AUTH_CHALLENGE_LEN;
set_uint16(cp, htons(1)); /* We recognize one authentication type. */
set_uint16(cp+2, htons(AUTHTYPE_RSA_SHA256_TLSSECRET));
connection_or_write_var_cell_to_buf(cell, conn);
var_cell_free(cell);
memwipe(challenge, 0, sizeof(challenge));
r = 0;
return 0;
done:
var_cell_free(cell);
auth_challenge_cell_free(ac);
return r;
}
/** Compute the main body of an AUTHENTICATE cell that a client can use
@ -2328,28 +2338,28 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
crypto_pk_t *signing_key,
int server)
{
uint8_t *ptr;
auth1_t *auth = NULL;
auth_ctx_t *ctx = auth_ctx_new();
int result;
/* assert state is reasonable XXXX */
if (outlen < V3_AUTH_FIXED_PART_LEN ||
(!server && outlen < V3_AUTH_BODY_LEN))
return -1;
ctx->is_ed = 0;
ptr = out;
auth = auth1_new();
/* Type: 8 bytes. */
memcpy(ptr, "AUTH0001", 8);
ptr += 8;
memcpy(auth1_getarray_type(auth), "AUTH0001", 8);
{
const tor_cert_t *id_cert=NULL, *link_cert=NULL;
const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL;
const digests_t *my_digests, *their_digests;
const uint8_t *my_id, *their_id, *client_id, *server_id;
if (tor_tls_get_my_certs(server, &link_cert, &id_cert))
return -1;
my_digests = tor_cert_get_id_digests(id_cert);
their_digests = tor_cert_get_id_digests(conn->handshake_state->id_cert);
my_digests = tor_x509_cert_get_id_digests(id_cert);
their_digests =
tor_x509_cert_get_id_digests(conn->handshake_state->id_cert);
tor_assert(my_digests);
tor_assert(their_digests);
my_id = (uint8_t*)my_digests->d[DIGEST_SHA256];
@ -2359,12 +2369,10 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
server_id = server ? my_id : their_id;
/* Client ID digest: 32 octets. */
memcpy(ptr, client_id, 32);
ptr += 32;
memcpy(auth->cid, client_id, 32);
/* Server ID digest: 32 octets. */
memcpy(ptr, server_id, 32);
ptr += 32;
memcpy(auth->sid, server_id, 32);
}
{
@ -2378,73 +2386,101 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
}
/* Server log digest : 32 octets */
crypto_digest_get_digest(server_d, (char*)ptr, 32);
ptr += 32;
crypto_digest_get_digest(server_d, (char*)auth->slog, 32);
/* Client log digest : 32 octets */
crypto_digest_get_digest(client_d, (char*)ptr, 32);
ptr += 32;
crypto_digest_get_digest(client_d, (char*)auth->clog, 32);
}
{
/* Digest of cert used on TLS link : 32 octets. */
const tor_cert_t *cert = NULL;
tor_cert_t *freecert = NULL;
const tor_x509_cert_t *cert = NULL;
tor_x509_cert_t *freecert = NULL;
if (server) {
tor_tls_get_my_certs(1, &cert, NULL);
} else {
freecert = tor_tls_get_peer_cert(conn->tls);
cert = freecert;
}
if (!cert)
return -1;
memcpy(ptr, tor_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32);
if (!cert) {
log_warn(LD_OR, "Unable to find cert when making AUTH1 data.");
goto err;
}
memcpy(auth->scert,
tor_x509_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32);
if (freecert)
tor_cert_free(freecert);
ptr += 32;
tor_x509_cert_free(freecert);
}
/* HMAC of clientrandom and serverrandom using master key : 32 octets */
tor_tls_get_tlssecrets(conn->tls, ptr);
ptr += 32;
tor_assert(ptr - out == V3_AUTH_FIXED_PART_LEN);
if (server)
return V3_AUTH_FIXED_PART_LEN; // ptr-out
tor_tls_get_tlssecrets(conn->tls, auth->tlssecrets);
/* 8 octets were reserved for the current time, but we're trying to get out
* of the habit of sending time around willynilly. Fortunately, nothing
* checks it. That's followed by 16 bytes of nonce. */
crypto_rand((char*)ptr, 24);
ptr += 24;
crypto_rand((char*)auth->rand, 24);
tor_assert(ptr - out == V3_AUTH_BODY_LEN);
if (!signing_key)
return V3_AUTH_BODY_LEN; // ptr - out
{
int siglen;
char d[32];
crypto_digest256(d, (char*)out, ptr-out, DIGEST_SHA256);
siglen = crypto_pk_private_sign(signing_key,
(char*)ptr, outlen - (ptr-out),
d, 32);
if (siglen < 0)
return -1;
ptr += siglen;
tor_assert(ptr <= out+outlen);
return (int)(ptr - out);
ssize_t len;
if ((len = auth1_encode(out, outlen, auth, ctx)) < 0) {
log_warn(LD_OR, "Unable to encode signed part of AUTH1 data.");
goto err;
}
if (server) {
auth1_t *tmp = NULL;
ssize_t len2 = auth1_parse(&tmp, out, len, ctx);
if (!tmp) {
log_warn(LD_OR, "Unable to parse signed part of AUTH1 data.");
goto err;
}
result = (int) (tmp->end_of_fixed_part - out);
auth1_free(tmp);
if (len2 != len) {
log_warn(LD_OR, "Mismatched length when re-parsing AUTH1 data.");
goto err;
}
goto done;
}
if (signing_key) {
auth1_setlen_sig(auth, crypto_pk_keysize(signing_key));
char d[32];
crypto_digest256(d, (char*)out, len, DIGEST_SHA256);
int siglen = crypto_pk_private_sign(signing_key,
(char*)auth1_getarray_sig(auth),
auth1_getlen_sig(auth),
d, 32);
if (siglen < 0) {
log_warn(LD_OR, "Unable to sign AUTH1 data.");
return -1;
}
auth1_setlen_sig(auth, siglen);
len = auth1_encode(out, outlen, auth, ctx);
if (len < 0) {
log_warn(LD_OR, "Unable to encode signed AUTH1 data.");
goto err;
}
}
result = (int) len;
goto done;
err:
result = -1;
done:
auth1_free(auth);
auth_ctx_free(ctx);
return result;
}
/** Send an AUTHENTICATE cell on the connection <b>conn</b>. Return 0 on
* success, -1 on failure */
int
connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
MOCK_IMPL(int,
connection_or_send_authenticate_cell,(or_connection_t *conn, int authtype))
{
var_cell_t *cell;
crypto_pk_t *pk = tor_tls_get_my_client_auth_key();

View File

@ -43,7 +43,8 @@ MOCK_DECL(or_connection_t *,
const char *id_digest, channel_tls_t *chan));
void connection_or_close_normally(or_connection_t *orconn, int flush);
void connection_or_close_for_error(or_connection_t *orconn, int flush);
MOCK_DECL(void,connection_or_close_for_error,
(or_connection_t *orconn, int flush));
void connection_or_report_broken_states(int severity, int domain);
@ -77,17 +78,18 @@ void or_handshake_state_record_var_cell(or_connection_t *conn,
int connection_or_set_state_open(or_connection_t *conn);
void connection_or_write_cell_to_buf(const cell_t *cell,
or_connection_t *conn);
void connection_or_write_var_cell_to_buf(const var_cell_t *cell,
or_connection_t *conn);
MOCK_DECL(void,connection_or_write_var_cell_to_buf,(const var_cell_t *cell,
or_connection_t *conn));
int connection_or_send_versions(or_connection_t *conn, int v3_plus);
int connection_or_send_netinfo(or_connection_t *conn);
MOCK_DECL(int,connection_or_send_netinfo,(or_connection_t *conn));
int connection_or_send_certs_cell(or_connection_t *conn);
int connection_or_send_auth_challenge_cell(or_connection_t *conn);
int connection_or_compute_authenticate_cell_body(or_connection_t *conn,
uint8_t *out, size_t outlen,
crypto_pk_t *signing_key,
int server);
int connection_or_send_authenticate_cell(or_connection_t *conn, int type);
MOCK_DECL(int,connection_or_send_authenticate_cell,
(or_connection_t *conn, int type));
int is_or_protocol_version_known(uint16_t version);

257
src/or/dircollate.c Normal file
View File

@ -0,0 +1,257 @@
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* \file dircollate.c
*
* \brief Collation code for figuring out which identities to vote for in
* the directory voting process.
*/
#define DIRCOLLATE_PRIVATE
#include "dircollate.h"
#include "dirvote.h"
static void dircollator_collate_by_rsa(dircollator_t *dc);
static void dircollator_collate_by_ed25519(dircollator_t *dc);
typedef struct ddmap_entry_s {
HT_ENTRY(ddmap_entry_s) node;
uint8_t d[DIGEST_LEN + DIGEST256_LEN];
vote_routerstatus_t *vrs_lst[FLEXIBLE_ARRAY_MEMBER];
} ddmap_entry_t;
struct double_digest_map_s *by_both_ids;
static void
ddmap_entry_free(ddmap_entry_t *e)
{
tor_free(e);
}
static ddmap_entry_t *
ddmap_entry_new(int n_votes)
{
return tor_malloc_zero(STRUCT_OFFSET(ddmap_entry_t, vrs_lst) +
sizeof(vote_routerstatus_t *) * n_votes);
}
static unsigned
ddmap_entry_hash(const ddmap_entry_t *ent)
{
return (unsigned) siphash24g(ent->d, sizeof(ent->d));
}
static unsigned
ddmap_entry_eq(const ddmap_entry_t *a, const ddmap_entry_t *b)
{
return fast_memeq(a->d, b->d, sizeof(a->d));
}
static void
ddmap_entry_set_digests(ddmap_entry_t *ent,
const uint8_t *rsa_sha1,
const uint8_t *ed25519)
{
memcpy(ent->d, rsa_sha1, DIGEST_LEN);
memcpy(ent->d + DIGEST_LEN, ed25519, DIGEST256_LEN);
}
HT_PROTOTYPE(double_digest_map, ddmap_entry_s, node, ddmap_entry_hash, ddmap_entry_eq);
HT_GENERATE2(double_digest_map, ddmap_entry_s, node, ddmap_entry_hash, ddmap_entry_eq, 0.6, tor_reallocarray, tor_free_);
static void
dircollator_add_routerstatus(dircollator_t *dc,
int vote_num,
networkstatus_t *vote,
vote_routerstatus_t *vrs)
{
const char *id = vrs->status.identity_digest;
(void) vote;
vote_routerstatus_t **vrs_lst = digestmap_get(dc->by_rsa_sha1, id);
if (NULL == vrs_lst) {
vrs_lst = tor_calloc(sizeof(vote_routerstatus_t *), dc->n_votes);
digestmap_set(dc->by_rsa_sha1, id, vrs_lst);
}
tor_assert(vrs_lst[vote_num] == NULL);
vrs_lst[vote_num] = vrs;
const uint8_t *ed = vrs->ed25519_id;
if (tor_mem_is_zero((char*)ed, DIGEST256_LEN))
return;
ddmap_entry_t search, *found;
memset(&search, 0, sizeof(search));
ddmap_entry_set_digests(&search, (const uint8_t *)id, ed);
found = HT_FIND(double_digest_map, &dc->by_both_ids, &search);
if (NULL == found) {
found = ddmap_entry_new(dc->n_votes);
ddmap_entry_set_digests(found, (const uint8_t *)id, ed);
HT_INSERT(double_digest_map, &dc->by_both_ids, found);
}
vrs_lst = found->vrs_lst;
tor_assert(vrs_lst[vote_num] == NULL);
vrs_lst[vote_num] = vrs;
}
dircollator_t *
dircollator_new(int n_votes, int n_authorities)
{
dircollator_t *dc = tor_malloc_zero(sizeof(dircollator_t));
tor_assert(n_votes <= n_authorities);
dc->n_votes = n_votes;
dc->n_authorities = n_authorities;
dc->by_rsa_sha1 = digestmap_new();
HT_INIT(double_digest_map, &dc->by_both_ids);
return dc;
}
void
dircollator_free(dircollator_t *dc)
{
if (!dc)
return;
if (dc->by_collated_rsa_sha1 != dc->by_rsa_sha1)
digestmap_free(dc->by_collated_rsa_sha1, NULL);
digestmap_free(dc->by_rsa_sha1, tor_free_);
ddmap_entry_t **e, **next, *this;
for (e = HT_START(double_digest_map, &dc->by_both_ids);
e != NULL; e = next) {
this = *e;
next = HT_NEXT_RMV(double_digest_map, &dc->by_both_ids, e);
ddmap_entry_free(this);
}
HT_CLEAR(double_digest_map, &dc->by_both_ids);
tor_free(dc);
}
void
dircollator_add_vote(dircollator_t *dc, networkstatus_t *v)
{
tor_assert(v->type == NS_TYPE_VOTE);
tor_assert(dc->next_vote_num < dc->n_votes);
tor_assert(!dc->is_collated);
const int votenum = dc->next_vote_num++;
SMARTLIST_FOREACH_BEGIN(v->routerstatus_list, vote_routerstatus_t *, vrs) {
dircollator_add_routerstatus(dc, votenum, v, vrs);
} SMARTLIST_FOREACH_END(vrs);
}
void
dircollator_collate(dircollator_t *dc, int consensus_method)
{
tor_assert(!dc->is_collated);
dc->all_rsa_sha1_lst = smartlist_new();
if (consensus_method < MIN_METHOD_FOR_ED25519_ID_VOTING + 10/*XXX*/)
dircollator_collate_by_rsa(dc);
else
dircollator_collate_by_ed25519(dc);
smartlist_sort_digests(dc->all_rsa_sha1_lst);
dc->is_collated = 1;
}
static void
dircollator_collate_by_rsa(dircollator_t *dc)
{
const int total_authorities = dc->n_authorities;
DIGESTMAP_FOREACH(dc->by_rsa_sha1, k, vote_routerstatus_t **, vrs_lst) {
int n = 0, i;
for (i = 0; i < dc->n_votes; ++i) {
if (vrs_lst[i] != NULL)
++n;
}
if (n <= total_authorities / 2)
continue;
smartlist_add(dc->all_rsa_sha1_lst, (char *)k);
} DIGESTMAP_FOREACH_END;
dc->by_collated_rsa_sha1 = dc->by_rsa_sha1;
}
static void
dircollator_collate_by_ed25519(dircollator_t *dc)
{
const int total_authorities = dc->n_authorities;
digestmap_t *rsa_digests = digestmap_new();
ddmap_entry_t **iter;
HT_FOREACH(iter, double_digest_map, &dc->by_both_ids) {
ddmap_entry_t *ent = *iter;
int n = 0, i;
for (i = 0; i < dc->n_votes; ++i) {
if (ent->vrs_lst[i] != NULL)
++n;
}
if (n <= total_authorities / 2)
continue;
vote_routerstatus_t **vrs_lst2 = digestmap_get(dc->by_rsa_sha1,
(char*)ent->d);
tor_assert(vrs_lst2);
for (i = 0; i < dc->n_votes; ++i) {
if (ent->vrs_lst[i] != NULL) {
ent->vrs_lst[i]->ed25519_reflects_consensus = 1;
} else if (vrs_lst2[i] && ! vrs_lst2[i]->has_ed25519_listing) {
ent->vrs_lst[i] = vrs_lst2[i];
}
}
digestmap_set(rsa_digests, (char*)ent->d, ent->vrs_lst);
smartlist_add(dc->all_rsa_sha1_lst, ent->d);
}
DIGESTMAP_FOREACH(dc->by_rsa_sha1, k, vote_routerstatus_t **, vrs_lst) {
if (digestmap_get(rsa_digests, k) != NULL)
continue;
int n = 0, i;
for (i = 0; i < dc->n_votes; ++i) {
if (vrs_lst[i] != NULL)
++n;
}
if (n <= total_authorities / 2)
continue;
digestmap_set(rsa_digests, k, vrs_lst);
smartlist_add(dc->all_rsa_sha1_lst, (char *)k);
} DIGESTMAP_FOREACH_END;
dc->by_collated_rsa_sha1 = rsa_digests;
}
int
dircollator_n_routers(dircollator_t *dc)
{
return smartlist_len(dc->all_rsa_sha1_lst);
}
vote_routerstatus_t **
dircollator_get_votes_for_router(dircollator_t *dc, int idx)
{
tor_assert(idx < smartlist_len(dc->all_rsa_sha1_lst));
return digestmap_get(dc->by_collated_rsa_sha1,
smartlist_get(dc->all_rsa_sha1_lst, idx));
}

49
src/or/dircollate.h Normal file
View File

@ -0,0 +1,49 @@
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* \file dirvote.h
* \brief Header file for dirvote.c.
**/
#ifndef TOR_DIRCOLLATE_H
#define TOR_DIRCOLLATE_H
#include "testsupport.h"
#include "or.h"
typedef struct dircollator_s dircollator_t;
dircollator_t *dircollator_new(int n_votes, int n_authorities);
void dircollator_free(dircollator_t *obj);
void dircollator_add_vote(dircollator_t *dc, networkstatus_t *v);
void dircollator_collate(dircollator_t *dc, int consensus_method);
int dircollator_n_routers(dircollator_t *dc);
vote_routerstatus_t **dircollator_get_votes_for_router(dircollator_t *dc,
int idx);
#ifdef DIRCOLLATE_PRIVATE
struct ddmap_entry_s;
typedef HT_HEAD(double_digest_map, ddmap_entry_s) double_digest_map_t;
struct dircollator_s {
/**DOCDOC */
int is_collated;
int n_votes;
int n_authorities;
int next_vote_num;
digestmap_t *by_rsa_sha1;
struct double_digest_map by_both_ids;
digestmap_t *by_collated_rsa_sha1;
smartlist_t *all_rsa_sha1_lst;
};
#endif
#endif

View File

@ -18,6 +18,7 @@
#include "dirserv.h"
#include "dirvote.h"
#include "hibernate.h"
#include "keypin.h"
#include "microdesc.h"
#include "networkstatus.h"
#include "nodelist.h"
@ -27,6 +28,7 @@
#include "routerlist.h"
#include "routerparse.h"
#include "routerset.h"
#include "torcert.h"
/**
* \file dirserv.c
@ -225,6 +227,16 @@ dirserv_load_fingerprint_file(void)
return 0;
}
/* If this is set, then we don't allow routers that have advertised an Ed25519
* identity to stop doing so. This is going to be essential for good identity
* security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
* just sign fake descriptors missing the Ed25519 key. But we won't actually
* be able to prevent that kind of thing until we're confident that there
* isn't actually a legit reason to downgrade to 0.2.5. So for now, we have
* to leave this #undef.
*/
#undef DISABLE_DISABLING_ED25519
/** Check whether <b>router</b> has a nickname/identity key combination that
* we recognize from the fingerprint list, or an IP we automatically act on
* according to our configuration. Return the appropriate router status.
@ -243,6 +255,36 @@ dirserv_router_get_status(const routerinfo_t *router, const char **msg)
return FP_REJECT;
}
if (router->signing_key_cert) {
/* This has an ed25519 identity key. */
if (KEYPIN_MISMATCH ==
keypin_check((const uint8_t*)router->cache_info.identity_digest,
router->signing_key_cert->signing_key.pubkey)) {
if (msg) {
*msg = "Ed25519 identity key or RSA identity key has changed.";
}
log_warn(LD_DIR, "Router %s uploaded a descriptor with a Ed25519 key "
"but the <rsa,ed25519> keys don't match what they were before.",
router_describe(router));
return FP_REJECT;
}
} else {
/* No ed25519 key */
if (KEYPIN_MISMATCH == keypin_check_lone_rsa(
(const uint8_t*)router->cache_info.identity_digest)) {
log_warn(LD_DIR, "Router %s uploaded a descriptor with no Ed25519 key, "
"when we previously knew an Ed25519 for it. Ignoring for now, "
"since Tor 0.2.6 is under development.",
router_describe(router));
#ifdef DISABLE_DISABLING_ED25519
if (msg) {
*msg = "Ed25519 identity key has disappeared.";
}
return FP_REJECT;
#endif
}
}
return dirserv_get_status_impl(d, router->nickname,
router->addr, router->or_port,
router->platform, msg, 1);
@ -578,6 +620,28 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
return ROUTER_IS_ALREADY_KNOWN;
}
/* Do keypinning again ... this time, to add the pin if appropriate */
int keypin_status;
if (ri->signing_key_cert) {
keypin_status = keypin_check_and_add(
(const uint8_t*)ri->cache_info.identity_digest,
ri->signing_key_cert->signing_key.pubkey);
} else {
keypin_status = keypin_check_lone_rsa(
(const uint8_t*)ri->cache_info.identity_digest);
#ifndef DISABLE_DISABLING_ED25519
if (keypin_status == KEYPIN_MISMATCH)
keypin_status = KEYPIN_NOT_FOUND;
#endif
}
if (keypin_status == KEYPIN_MISMATCH) {
log_info(LD_DIRSERV, "Dropping descriptor from %s (source: %s) because "
"its key did not match an older RSA/Ed25519 keypair",
router_describe(ri), source);
*msg = "Looks like your keypair does not match its older value.";
return ROUTER_AUTHDIR_REJECTS;
}
/* Make a copy of desc, since router_add_to_routerlist might free
* ri and its associated signed_descriptor_t. */
desc = tor_strndup(ri->cache_info.signed_descriptor_body, desclen);
@ -1929,6 +1993,16 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version,
smartlist_add_asprintf(chunks, "p %s\n", summary);
tor_free(summary);
}
if (format == NS_V3_VOTE && vrs) {
if (tor_mem_is_zero((char*)vrs->ed25519_id, ED25519_PUBKEY_LEN)) {
smartlist_add(chunks, tor_strdup("id ed25519 none\n"));
} else {
char ed_b64[BASE64_DIGEST256_LEN+1];
digest256_to_base64(ed_b64, (const char*)vrs->ed25519_id);
smartlist_add_asprintf(chunks, "id ed25519 %s\n", ed_b64);
}
}
}
done:
@ -2751,6 +2825,11 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
listbadexits,
vote_on_hsdirs);
if (ri->signing_key_cert) {
memcpy(vrs->ed25519_id, ri->signing_key_cert->signing_key.pubkey,
ED25519_PUBKEY_LEN);
}
if (digestmap_get(omit_as_sybil, ri->cache_info.identity_digest))
clear_status_flags_on_sybil(rs);

View File

@ -6,6 +6,7 @@
#define DIRVOTE_PRIVATE
#include "or.h"
#include "config.h"
#include "dircollate.h"
#include "directory.h"
#include "dirserv.h"
#include "dirvote.h"
@ -17,6 +18,7 @@
#include "routerlist.h"
#include "routerparse.h"
#include "entrynodes.h" /* needed for guardfraction methods */
#include "torcert.h"
/**
* \file dirvote.c
@ -1138,6 +1140,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
char *params = NULL;
char *packages = NULL;
int added_weights = 0;
dircollator_t *collator = NULL;
tor_assert(flavor == FLAV_NS || flavor == FLAV_MICRODESC);
tor_assert(total_authorities >= smartlist_len(votes));
@ -1493,12 +1496,24 @@ networkstatus_compute_consensus(smartlist_t *votes,
}
);
/* Populate the collator */
collator = dircollator_new(smartlist_len(votes), total_authorities);
SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
dircollator_add_vote(collator, v);
} SMARTLIST_FOREACH_END(v);
dircollator_collate(collator, consensus_method);
/* Now go through all the votes */
flag_counts = tor_calloc(smartlist_len(flags), sizeof(int));
while (1) {
const int num_routers = dircollator_n_routers(collator);
for (i = 0; i < num_routers; ++i) {
vote_routerstatus_t **vrs_lst =
dircollator_get_votes_for_router(collator, i);
vote_routerstatus_t *rs;
routerstatus_t rs_out;
const char *lowest_id = NULL;
const char *current_rsa_id = NULL;
const char *chosen_version;
const char *chosen_name = NULL;
int exitsummary_disagreement = 0;
@ -1506,23 +1521,9 @@ networkstatus_compute_consensus(smartlist_t *votes,
int is_guard = 0, is_exit = 0, is_bad_exit = 0;
int naming_conflict = 0;
int n_listing = 0;
int i;
char microdesc_digest[DIGEST256_LEN];
tor_addr_port_t alt_orport = {TOR_ADDR_NULL, 0};
/* Of the next-to-be-considered digest in each voter, which is first? */
SMARTLIST_FOREACH(votes, networkstatus_t *, v, {
if (index[v_sl_idx] < size[v_sl_idx]) {
rs = smartlist_get(v->routerstatus_list, index[v_sl_idx]);
if (!lowest_id ||
fast_memcmp(rs->status.identity_digest,
lowest_id, DIGEST_LEN) < 0)
lowest_id = rs->status.identity_digest;
}
});
if (!lowest_id) /* we're out of routers. */
break;
memset(flag_counts, 0, sizeof(int)*smartlist_len(flags));
smartlist_clear(matching_descs);
smartlist_clear(chosen_flags);
@ -1532,29 +1533,25 @@ networkstatus_compute_consensus(smartlist_t *votes,
num_guardfraction_inputs = 0;
/* Okay, go through all the entries for this digest. */
SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
if (index[v_sl_idx] >= size[v_sl_idx])
continue; /* out of entries. */
rs = smartlist_get(v->routerstatus_list, index[v_sl_idx]);
if (fast_memcmp(rs->status.identity_digest, lowest_id, DIGEST_LEN))
continue; /* doesn't include this router. */
/* At this point, we know that we're looking at a routerstatus with
* identity "lowest".
*/
++index[v_sl_idx];
for (int voter_idx = 0; voter_idx < smartlist_len(votes); ++voter_idx) {
if (vrs_lst[voter_idx] == NULL)
continue; /* This voter had nothig to say about this entry. */
rs = vrs_lst[voter_idx];
++n_listing;
current_rsa_id = rs->status.identity_digest;
smartlist_add(matching_descs, rs);
if (rs->version && rs->version[0])
smartlist_add(versions, rs->version);
/* Tally up all the flags. */
for (i = 0; i < n_voter_flags[v_sl_idx]; ++i) {
if (rs->flags & (U64_LITERAL(1) << i))
++flag_counts[flag_map[v_sl_idx][i]];
for (int flag = 0; flag < n_voter_flags[voter_idx]; ++flag) {
if (rs->flags & (U64_LITERAL(1) << flag))
++flag_counts[flag_map[voter_idx][flag]];
}
if (named_flag[v_sl_idx] >= 0 &&
(rs->flags & (U64_LITERAL(1) << named_flag[v_sl_idx]))) {
if (named_flag[voter_idx] >= 0 &&
(rs->flags & (U64_LITERAL(1) << named_flag[voter_idx]))) {
if (chosen_name && strcmp(chosen_name, rs->status.nickname)) {
log_notice(LD_DIR, "Conflict on naming for router: %s vs %s",
chosen_name, rs->status.nickname);
@ -1575,7 +1572,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
if (rs->status.has_bandwidth)
bandwidths_kb[num_bandwidths++] = rs->status.bandwidth_kb;
} SMARTLIST_FOREACH_END(v);
}
/* We don't include this router at all unless more than half of
* the authorities we believe in list it. */
@ -1589,8 +1586,9 @@ networkstatus_compute_consensus(smartlist_t *votes,
microdesc_digest, &alt_orport);
/* Copy bits of that into rs_out. */
memset(&rs_out, 0, sizeof(rs_out));
tor_assert(fast_memeq(lowest_id, rs->status.identity_digest,DIGEST_LEN));
memcpy(rs_out.identity_digest, lowest_id, DIGEST_LEN);
tor_assert(fast_memeq(current_rsa_id,
rs->status.identity_digest,DIGEST_LEN));
memcpy(rs_out.identity_digest, current_rsa_id, DIGEST_LEN);
memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest,
DIGEST_LEN);
rs_out.addr = rs->status.addr;
@ -1614,7 +1612,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
const char *d = strmap_get_lc(name_to_id_map, rs_out.nickname);
if (!d) {
is_named = is_unnamed = 0;
} else if (fast_memeq(d, lowest_id, DIGEST_LEN)) {
} else if (fast_memeq(d, current_rsa_id, DIGEST_LEN)) {
is_named = 1; is_unnamed = 0;
} else {
is_named = 0; is_unnamed = 1;
@ -1980,6 +1978,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
done:
dircollator_free(collator);
tor_free(client_versions);
tor_free(server_versions);
tor_free(packages);
@ -3487,9 +3486,18 @@ dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
}
if (consensus_method >= MIN_METHOD_FOR_ID_HASH_IN_MD) {
char idbuf[BASE64_DIGEST_LEN+1];
digest_to_base64(idbuf, ri->cache_info.identity_digest);
smartlist_add_asprintf(chunks, "id rsa1024 %s\n", idbuf);
char idbuf[ED25519_BASE64_LEN+1];
const char *keytype;
if (consensus_method >= MIN_METHOD_FOR_ED25519_ID_IN_MD &&
ri->signing_key_cert &&
ri->signing_key_cert->signing_key_included) {
keytype = "ed25519";
ed25519_public_to_base64(idbuf, &ri->signing_key_cert->signing_key);
} else {
keytype = "rsa1024";
digest_to_base64(idbuf, ri->cache_info.identity_digest);
}
smartlist_add_asprintf(chunks, "id %s %s\n", keytype, idbuf);
}
output = smartlist_join_strings(chunks, "", 0, NULL);
@ -3562,7 +3570,8 @@ static const struct consensus_method_range_t {
{MIN_METHOD_FOR_A_LINES, MIN_METHOD_FOR_P6_LINES - 1},
{MIN_METHOD_FOR_P6_LINES, MIN_METHOD_FOR_NTOR_KEY - 1},
{MIN_METHOD_FOR_NTOR_KEY, MIN_METHOD_FOR_ID_HASH_IN_MD - 1},
{MIN_METHOD_FOR_ID_HASH_IN_MD, MAX_SUPPORTED_CONSENSUS_METHOD},
{MIN_METHOD_FOR_ID_HASH_IN_MD, MIN_METHOD_FOR_ED25519_ID_IN_MD - 1},
{MIN_METHOD_FOR_ED25519_ID_IN_MD, MAX_SUPPORTED_CONSENSUS_METHOD},
{-1, -1}
};

View File

@ -55,7 +55,7 @@
#define MIN_SUPPORTED_CONSENSUS_METHOD 13
/** The highest consensus method that we currently support. */
#define MAX_SUPPORTED_CONSENSUS_METHOD 20
#define MAX_SUPPORTED_CONSENSUS_METHOD 21
/** Lowest consensus method where microdesc consensuses omit any entry
* with no microdesc. */
@ -86,6 +86,13 @@
* GuardFraction information in microdescriptors. */
#define MIN_METHOD_FOR_GUARDFRACTION 20
/** Lowest consensus method where authorities may include an "id" line for
* ed25519 identities in microdescriptors. */
#define MIN_METHOD_FOR_ED25519_ID_IN_MD 21
/** Lowest consensus method where authorities vote on ed25519 ids and ensure
* ed25519 id consistency. */
#define MIN_METHOD_FOR_ED25519_ID_VOTING MIN_METHOD_FOR_ED25519_ID_IN_MD
/** Default bandwidth to clip unmeasured bandwidths to using method >=
* MIN_METHOD_TO_CLIP_UNMEASURED_BW. (This is not a consensus method; do not
* get confused with the above macros.) */

View File

@ -43,6 +43,7 @@ LIBTOR_A_SOURCES = \
src/or/connection_or.c \
src/or/control.c \
src/or/cpuworker.c \
src/or/dircollate.c \
src/or/directory.c \
src/or/dirserv.c \
src/or/dirvote.c \
@ -53,6 +54,7 @@ LIBTOR_A_SOURCES = \
src/or/entrynodes.c \
src/or/ext_orport.c \
src/or/hibernate.c \
src/or/keypin.c \
src/or/main.c \
src/or/microdesc.c \
src/or/networkstatus.c \
@ -71,12 +73,14 @@ LIBTOR_A_SOURCES = \
src/or/rephist.c \
src/or/replaycache.c \
src/or/router.c \
src/or/routerkeys.c \
src/or/routerlist.c \
src/or/routerparse.c \
src/or/routerset.c \
src/or/scheduler.c \
src/or/statefile.c \
src/or/status.c \
src/or/torcert.c \
src/or/onion_ntor.c \
$(evdns_source) \
$(tor_platform_source)
@ -84,11 +88,6 @@ LIBTOR_A_SOURCES = \
src_or_libtor_a_SOURCES = $(LIBTOR_A_SOURCES)
src_or_libtor_testing_a_SOURCES = $(LIBTOR_A_SOURCES)
#libtor_a_LIBADD = $(top_builddir)/common/libor.a \
# $(top_builddir)/common/libor-crypto.a \
# $(top_builddir)/common/libor-event.a
src_or_tor_SOURCES = src/or/tor_main.c
AM_CPPFLAGS += -I$(srcdir)/src/or -Isrc/or
@ -109,7 +108,7 @@ src_or_libtor_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
src_or_tor_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ @TOR_LDFLAGS_libevent@
src_or_tor_LDADD = src/or/libtor.a src/common/libor.a \
src/common/libor-crypto.a $(LIBDONNA) \
src/common/libor-event.a \
src/common/libor-event.a src/trunnel/libor-trunnel.a \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ @TOR_OPENSSL_LIBS@ \
@TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@ @TOR_SYSTEMD_LIBS@
@ -120,7 +119,7 @@ src_or_tor_cov_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
src_or_tor_cov_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ @TOR_LDFLAGS_libevent@
src_or_tor_cov_LDADD = src/or/libtor-testing.a src/common/libor-testing.a \
src/common/libor-crypto-testing.a $(LIBDONNA) \
src/common/libor-event-testing.a \
src/common/libor-event-testing.a src/trunnel/libor-trunnel-testing.a \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ @TOR_OPENSSL_LIBS@ \
@TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@ @TOR_SYSTEMD_LIBS@
TESTING_TOR_BINARY = $(top_builddir)/src/or/tor-cov
@ -148,6 +147,7 @@ ORHEADERS = \
src/or/connection_or.h \
src/or/control.h \
src/or/cpuworker.h \
src/or/dircollate.h \
src/or/directory.h \
src/or/dirserv.h \
src/or/dirvote.h \
@ -159,6 +159,7 @@ ORHEADERS = \
src/or/geoip.h \
src/or/entrynodes.h \
src/or/hibernate.h \
src/or/keypin.h \
src/or/main.h \
src/or/microdesc.h \
src/or/networkstatus.h \
@ -180,12 +181,15 @@ ORHEADERS = \
src/or/rephist.h \
src/or/replaycache.h \
src/or/router.h \
src/or/routerkeys.h \
src/or/routerlist.h \
src/or/routerkeys.h \
src/or/routerset.h \
src/or/routerparse.h \
src/or/scheduler.h \
src/or/statefile.h \
src/or/status.h
src/or/status.h \
src/or/torcert.h
noinst_HEADERS+= $(ORHEADERS) micro-revision.i

419
src/or/keypin.c Normal file
View File

@ -0,0 +1,419 @@
/* Copyright (c) 2014, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define KEYPIN_PRIVATE
#include "orconfig.h"
#include "compat.h"
#include "crypto.h"
#include "di_ops.h"
#include "ht.h"
#include "keypin.h"
#include "siphash.h"
#include "torint.h"
#include "torlog.h"
#include "util.h"
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef _WIN32
#include <io.h>
#endif
/**
* @file keypin.c
* @brief Key-pinning for RSA and Ed25519 identity keys at directory
* authorities.
*
* This module implements a key-pinning mechanism to ensure that it's safe
* to use RSA keys as identitifers even as we migrate to Ed25519 keys. It
* remembers, for every Ed25519 key we've seen, what the associated Ed25519
* key is. This way, if we see a different Ed25519 key with that RSA key,
* we'll know that there's a mismatch.
*
* We persist these entries to disk using a simple format, where each line
* has a base64-encoded RSA SHA1 hash, then a base64-endoded Ed25519 key.
* Empty lines, misformed lines, and lines beginning with # are
* ignored. Lines beginning with @ are reserved for future extensions.
*/
static int keypin_journal_append_entry(const uint8_t *rsa_id_digest,
const uint8_t *ed25519_id_key);
static int keypin_check_and_add_impl(const uint8_t *rsa_id_digest,
const uint8_t *ed25519_id_key,
int do_not_add);
static HT_HEAD(rsamap, keypin_ent_st) the_rsa_map = HT_INITIALIZER();
static HT_HEAD(edmap, keypin_ent_st) the_ed_map = HT_INITIALIZER();
/** Hashtable helper: compare two keypin table entries and return true iff
* they have the same RSA key IDs. */
static INLINE int
keypin_ents_eq_rsa(const keypin_ent_t *a, const keypin_ent_t *b)
{
return tor_memeq(a->rsa_id, b->rsa_id, sizeof(a->rsa_id));
}
/** Hashtable helper: hash a keypin table entries based on its RSA key ID */
static INLINE unsigned
keypin_ent_hash_rsa(const keypin_ent_t *a)
{
return (unsigned) siphash24g(a->rsa_id, sizeof(a->rsa_id));
}
/** Hashtable helper: compare two keypin table entries and return true iff
* they have the same ed25519 keys */
static INLINE int
keypin_ents_eq_ed(const keypin_ent_t *a, const keypin_ent_t *b)
{
return tor_memeq(a->ed25519_key, b->ed25519_key, sizeof(a->ed25519_key));
}
/** Hashtable helper: hash a keypin table entries based on its ed25519 key */
static INLINE unsigned
keypin_ent_hash_ed(const keypin_ent_t *a)
{
return (unsigned) siphash24g(a->ed25519_key, sizeof(a->ed25519_key));
}
HT_PROTOTYPE(rsamap, keypin_ent_st, rsamap_node, keypin_ent_hash_rsa,
keypin_ents_eq_rsa);
HT_GENERATE2(rsamap, keypin_ent_st, rsamap_node, keypin_ent_hash_rsa,
keypin_ents_eq_rsa, 0.6, tor_reallocarray, tor_free_);
HT_PROTOTYPE(edmap, keypin_ent_st, edmap_node, keypin_ent_hash_ed,
keypin_ents_eq_ed);
HT_GENERATE2(edmap, keypin_ent_st, edmap_node, keypin_ent_hash_ed,
keypin_ents_eq_ed, 0.6, tor_reallocarray, tor_free_);
/**
* Check whether we already have an entry in the key pinning table for a
* router with RSA ID digest <b>rsa_id_digest</b> or for ed25519 key
* <b>ed25519_id_key</b>. If we have an entry that matches both keys,
* return KEYPIN_FOUND. If we find an entry that matches one key but
* not the other, return KEYPIN_MISMATCH. If we have no entry for either
* key, add such an entry to the table and return KEYPIN_ADDED.
*/
int
keypin_check_and_add(const uint8_t *rsa_id_digest,
const uint8_t *ed25519_id_key)
{
return keypin_check_and_add_impl(rsa_id_digest, ed25519_id_key, 0);
}
/**
* As keypin_check_and_add, but do not add. Return KEYPIN_NOT_FOUND if
* we would add.
*/
int
keypin_check(const uint8_t *rsa_id_digest,
const uint8_t *ed25519_id_key)
{
return keypin_check_and_add_impl(rsa_id_digest, ed25519_id_key, 1);
}
/**
* Helper: implements keypin_check and keypin_check_and_add.
*/
static int
keypin_check_and_add_impl(const uint8_t *rsa_id_digest,
const uint8_t *ed25519_id_key,
int do_not_add)
{
keypin_ent_t search, *ent;
memset(&search, 0, sizeof(search));
memcpy(search.rsa_id, rsa_id_digest, sizeof(search.rsa_id));
memcpy(search.ed25519_key, ed25519_id_key, sizeof(search.ed25519_key));
/* Search by RSA key digest first */
ent = HT_FIND(rsamap, &the_rsa_map, &search);
if (ent) {
tor_assert(fast_memeq(ent->rsa_id, rsa_id_digest, sizeof(ent->rsa_id)));
if (tor_memeq(ent->ed25519_key, ed25519_id_key,sizeof(ent->ed25519_key))) {
return KEYPIN_FOUND; /* Match on both keys. Great. */
} else {
return KEYPIN_MISMATCH; /* Found RSA with different Ed key */
}
}
/* See if we know a different RSA key for this ed key */
ent = HT_FIND(edmap, &the_ed_map, &search);
if (ent) {
/* If we got here, then the ed key matches and the RSA doesn't */
tor_assert(fast_memeq(ent->ed25519_key, ed25519_id_key,
sizeof(ent->ed25519_key)));
tor_assert(fast_memneq(ent->rsa_id, rsa_id_digest, sizeof(ent->rsa_id)));
return KEYPIN_MISMATCH;
}
/* Okay, this one is new to us. */
if (do_not_add)
return KEYPIN_NOT_FOUND;
ent = tor_memdup(&search, sizeof(search));
keypin_add_entry_to_map(ent);
keypin_journal_append_entry(rsa_id_digest, ed25519_id_key);
return KEYPIN_ADDED;
}
/**
* Helper: add <b>ent</b> to the hash tables.
*/
MOCK_IMPL(STATIC void,
keypin_add_entry_to_map, (keypin_ent_t *ent))
{
HT_INSERT(rsamap, &the_rsa_map, ent);
HT_INSERT(edmap, &the_ed_map, ent);
}
/**
* Check whether we already have an entry in the key pinning table for a
* router with RSA ID digest <b>rsa_id_digest</b>. If we have no such entry,
* return KEYPIN_NOT_FOUND. If we find an entry that matches the RSA key but
* which has an ed25519 key, return KEYPIN_MISMATCH.
*/
int
keypin_check_lone_rsa(const uint8_t *rsa_id_digest)
{
keypin_ent_t search, *ent;
memset(&search, 0, sizeof(search));
memcpy(search.rsa_id, rsa_id_digest, sizeof(search.rsa_id));
/* Search by RSA key digest first */
ent = HT_FIND(rsamap, &the_rsa_map, &search);
if (ent) {
return KEYPIN_MISMATCH;
} else {
return KEYPIN_NOT_FOUND;
}
}
/** Open fd to the keypinning journal file. */
static int keypin_journal_fd = -1;
/** Open the key-pinning journal to append to <b>fname</b>. Return 0 on
* success, -1 on failure. */
int
keypin_open_journal(const char *fname)
{
/* O_SYNC ??*/
int fd = tor_open_cloexec(fname, O_WRONLY|O_CREAT, 0600);
if (fd < 0)
goto err;
if (tor_fd_seekend(fd) < 0)
goto err;
/* Add a newline in case the last line was only partially written */
if (write(fd, "\n", 1) < 1)
goto err;
/* Add something about when we opened this file. */
char buf[80];
char tbuf[ISO_TIME_LEN+1];
format_iso_time(tbuf, approx_time());
tor_snprintf(buf, sizeof(buf), "@opened-at %s\n", tbuf);
if (write_all(fd, buf, strlen(buf), 0) < 0)
goto err;
keypin_journal_fd = fd;
return 0;
err:
if (fd >= 0)
close(fd);
return -1;
}
/** Close the keypinning journal file. */
int
keypin_close_journal(void)
{
if (keypin_journal_fd >= 0)
close(keypin_journal_fd);
keypin_journal_fd = -1;
return 0;
}
/** Length of a keypinning journal line, including terminating newline. */
#define JOURNAL_LINE_LEN (BASE64_DIGEST_LEN + BASE64_DIGEST256_LEN + 2)
/** Add an entry to the keypinning journal to map <b>rsa_id_digest</b> and
* <b>ed25519_id_key</b>. */
static int
keypin_journal_append_entry(const uint8_t *rsa_id_digest,
const uint8_t *ed25519_id_key)
{
if (keypin_journal_fd == -1)
return -1;
char line[JOURNAL_LINE_LEN];
digest_to_base64(line, (const char*)rsa_id_digest);
line[BASE64_DIGEST_LEN] = ' ';
digest256_to_base64(line + BASE64_DIGEST_LEN + 1,
(const char*)ed25519_id_key);
line[BASE64_DIGEST_LEN+1+BASE64_DIGEST256_LEN] = '\n';
if (write_all(keypin_journal_fd, line, JOURNAL_LINE_LEN, 0)<0) {
log_warn(LD_DIRSERV, "Error while adding a line to the key-pinning "
"journal: %s", strerror(errno));
keypin_close_journal();
return -1;
}
return 0;
}
/** Load a journal from the <b>size</b>-byte region at <b>data</b>. Return 0
* on success, -1 on failure. */
STATIC int
keypin_load_journal_impl(const char *data, size_t size)
{
const char *start = data, *end = data + size, *next;
int n_corrupt_lines = 0;
int n_entries = 0;
int n_duplicates = 0;
int n_conflicts = 0;
for (const char *cp = start; cp < end; cp = next) {
const char *eol = memchr(cp, '\n', end-cp);
const char *eos = eol ? eol : end;
const size_t len = eos - cp;
next = eol ? eol + 1 : end;
if (len == 0) {
continue;
}
if (*cp == '@') {
/* Lines that start with @ are reserved. Ignore for now. */
continue;
}
if (*cp == '#') {
/* Lines that start with # are comments. */
continue;
}
/* Is it the right length? (The -1 here is for the newline.) */
if (len != JOURNAL_LINE_LEN - 1) {
/* Lines with a bad length are corrupt unless they are empty.
* Ignore them either way */
for (const char *s = cp; s < eos; ++s) {
if (! TOR_ISSPACE(*s)) {
++n_corrupt_lines;
break;
}
}
continue;
}
keypin_ent_t *ent = keypin_parse_journal_line(cp);
if (ent == NULL) {
++n_corrupt_lines;
continue;
}
const keypin_ent_t *ent2;
if ((ent2 = HT_FIND(rsamap, &the_rsa_map, ent))) {
if (fast_memeq(ent2->ed25519_key, ent->ed25519_key, DIGEST256_LEN)) {
++n_duplicates;
} else {
++n_conflicts;
}
tor_free(ent);
continue;
} else if (HT_FIND(edmap, &the_ed_map, ent)) {
tor_free(ent);
++n_conflicts;
continue;
}
keypin_add_entry_to_map(ent);
++n_entries;
}
int severity = (n_corrupt_lines || n_duplicates) ? LOG_WARN : LOG_INFO;
tor_log(severity, LD_DIRSERV,
"Loaded %d entries from keypin journal. "
"Found %d corrupt lines, %d duplicates, and %d conflicts.",
n_entries, n_corrupt_lines, n_duplicates, n_conflicts);
return 0;
}
/**
* Load a journal from the file called <b>fname</b>. Return 0 on success,
* -1 on failure.
*/
int
keypin_load_journal(const char *fname)
{
tor_mmap_t *map = tor_mmap_file(fname);
if (!map) {
if (errno == ENOENT)
return 0;
else
return -1;
}
int r = keypin_load_journal_impl(map->data, map->size);
tor_munmap_file(map);
return r;
}
/** Parse a single keypinning journal line entry from <b>cp</b>. The input
* does not need to be NUL-terminated, but it <em>does</em> need to have
* KEYPIN_JOURNAL_LINE_LEN -1 bytes available to read. Return a new entry
* on success, and NULL on failure.
*/
STATIC keypin_ent_t *
keypin_parse_journal_line(const char *cp)
{
/* XXXX assumes !USE_OPENSSL_BASE64 */
keypin_ent_t *ent = tor_malloc_zero(sizeof(keypin_ent_t));
if (base64_decode((char*)ent->rsa_id, sizeof(ent->rsa_id),
cp, BASE64_DIGEST_LEN) != DIGEST_LEN ||
cp[BASE64_DIGEST_LEN] != ' ' ||
base64_decode((char*)ent->ed25519_key, sizeof(ent->ed25519_key),
cp+BASE64_DIGEST_LEN+1, BASE64_DIGEST256_LEN) != DIGEST256_LEN) {
tor_free(ent);
return NULL;
} else {
return ent;
}
}
/** Remove all entries from the keypinning table.*/
void
keypin_clear(void)
{
int bad_entries = 0;
{
keypin_ent_t **ent, **next, *this;
for (ent = HT_START(rsamap, &the_rsa_map); ent != NULL; ent = next) {
this = *ent;
next = HT_NEXT_RMV(rsamap, &the_rsa_map, ent);
keypin_ent_t *other_ent = HT_REMOVE(edmap, &the_ed_map, this);
bad_entries += (other_ent != this);
tor_free(this);
}
}
bad_entries += HT_SIZE(&the_ed_map);
HT_CLEAR(edmap,&the_ed_map);
HT_CLEAR(rsamap,&the_rsa_map);
if (bad_entries) {
log_warn(LD_BUG, "Found %d discrepencies in the the keypin database.",
bad_entries);
}
}

46
src/or/keypin.h Normal file
View File

@ -0,0 +1,46 @@
/* Copyright (c) 2014, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_KEYPIN_H
#define TOR_KEYPIN_H
#include "testsupport.h"
int keypin_check_and_add(const uint8_t *rsa_id_digest,
const uint8_t *ed25519_id_key);
int keypin_check(const uint8_t *rsa_id_digest,
const uint8_t *ed25519_id_key);
int keypin_open_journal(const char *fname);
int keypin_close_journal(void);
int keypin_load_journal(const char *fname);
void keypin_clear(void);
int keypin_check_lone_rsa(const uint8_t *rsa_id_digest);
#define KEYPIN_FOUND 0
#define KEYPIN_ADDED 1
#define KEYPIN_MISMATCH -1
#define KEYPIN_NOT_FOUND -2
#ifdef KEYPIN_PRIVATE
/**
* In-memory representation of a key-pinning table entry.
*/
typedef struct keypin_ent_st {
HT_ENTRY(keypin_ent_st) rsamap_node;
HT_ENTRY(keypin_ent_st) edmap_node;
/** SHA1 hash of the RSA key */
uint8_t rsa_id[DIGEST_LEN];
/** Ed2219 key. */
uint8_t ed25519_key[DIGEST256_LEN];
} keypin_ent_t;
STATIC keypin_ent_t * keypin_parse_journal_line(const char *cp);
STATIC int keypin_load_journal_impl(const char *data, size_t size);
MOCK_DECL(STATIC void, keypin_add_entry_to_map, (keypin_ent_t *ent));
#endif
#endif

View File

@ -37,6 +37,7 @@
#include "entrynodes.h"
#include "geoip.h"
#include "hibernate.h"
#include "keypin.h"
#include "main.h"
#include "microdesc.h"
#include "networkstatus.h"
@ -51,6 +52,7 @@
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "routerkeys.h"
#include "routerlist.h"
#include "routerparse.h"
#include "scheduler.h"
@ -1223,10 +1225,13 @@ typedef struct {
time_t check_descriptor;
/** When do we next launch DNS wildcarding checks? */
time_t check_for_correct_dns;
/** When do we next make sure our Ed25519 keys aren't about to expire? */
time_t check_ed_keys;
} time_to_t;
static time_to_t time_to = {
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/** Reset all the time_to's so we'll do all our actions again as if we
@ -1297,6 +1302,18 @@ run_scheduled_events(time_t now)
router_upload_dir_desc_to_dirservers(0);
}
if (is_server && time_to.check_ed_keys < now) {
if (should_make_new_ed_keys(options, now)) {
if (load_ed_keys(options, now) < 0 ||
generate_ed_link_cert(options, now)) {
log_err(LD_OR, "Unable to update Ed25519 keys! Exiting.");
tor_cleanup();
exit(0);
}
}
time_to.check_ed_keys = now + 30;
}
if (!should_delay_dir_fetches(options, NULL) &&
time_to.try_getting_descriptors < now) {
update_all_descriptor_downloads(now);
@ -2015,6 +2032,23 @@ do_main_loop(void)
/* initialize the bootstrap status events to know we're starting up */
control_event_bootstrap(BOOTSTRAP_STATUS_STARTING, 0);
/* Initialize the keypinning log. */
if (authdir_mode_v3(get_options())) {
char *fname = get_datadir_fname("key-pinning-entries");
int r = 0;
if (keypin_load_journal(fname)<0) {
log_err(LD_DIR, "Error loading key-pinning journal: %s",strerror(errno));
r = -1;
}
if (keypin_open_journal(fname)<0) {
log_err(LD_DIR, "Error opening key-pinning journal: %s",strerror(errno));
r = -1;
}
tor_free(fname);
if (r)
return r;
}
if (trusted_dirs_reload_certs()) {
log_warn(LD_DIR,
"Couldn't load all cached v3 certificates. Starting anyway.");
@ -2695,6 +2729,7 @@ tor_free_all(int postfork)
config_free_all();
or_state_free_all();
router_free_all();
routerkeys_free_all();
policies_free_all();
}
if (!postfork) {
@ -2752,6 +2787,7 @@ tor_cleanup(void)
or_state_save(now);
if (authdir_mode_tests_reachability(options))
rep_hist_record_mtbf_data(now, 0);
keypin_close_journal();
}
#ifdef USE_DMALLOC
dmalloc_log_stats();

View File

@ -738,6 +738,7 @@ microdesc_free_(microdesc_t *md, const char *fname, int lineno)
if (md->onion_pkey)
crypto_pk_free(md->onion_pkey);
tor_free(md->onion_curve25519_pkey);
tor_free(md->ed25519_identity_pkey);
if (md->body && md->saved_location != SAVED_IN_CACHE)
tor_free(md->body);

View File

@ -96,6 +96,7 @@
#include "ht.h"
#include "replaycache.h"
#include "crypto_curve25519.h"
#include "crypto_ed25519.h"
#include "tor_queue.h"
/* These signals are defined to help handle_control_signal work.
@ -1353,6 +1354,8 @@ typedef struct listener_connection_t {
* in the v3 handshake. The subject key must be a 1024-bit RSA key; it
* must be signed by the identity key */
#define OR_CERT_TYPE_AUTH_1024 3
/** DOCDOC */
#define OR_CERT_TYPE_RSA_ED_CROSSCERT 7
/**@}*/
/** The one currently supported type of AUTHENTICATE cell. It contains
@ -1428,9 +1431,9 @@ typedef struct or_handshake_state_t {
* @{
*/
/** The cert for the key that's supposed to sign the AUTHENTICATE cell */
tor_cert_t *auth_cert;
tor_x509_cert_t *auth_cert;
/** A self-signed identity certificate */
tor_cert_t *id_cert;
tor_x509_cert_t *id_cert;
/**@}*/
} or_handshake_state_t;
@ -2023,6 +2026,8 @@ typedef int16_t country_t;
/** Information about another onion router in the network. */
typedef struct {
signed_descriptor_t cache_info;
/** A SHA256-digest of the extrainfo (if any) */
char extra_info_digest256[DIGEST256_LEN];
char *nickname; /**< Human-readable OR name. */
uint32_t addr; /**< IPv4 address of OR, in host order. */
@ -2040,6 +2045,11 @@ typedef struct {
crypto_pk_t *identity_pkey; /**< Public RSA key for signing. */
/** Public curve25519 key for onions */
curve25519_public_key_t *onion_curve25519_pkey;
/** Certificate for ed25519 signing key */
struct tor_cert_st *signing_key_cert;
/** What's the earliest expiration time on all the certs in this
* routerinfo? */
time_t cert_expiration_time;
char *platform; /**< What software/operating system is this OR using? */
@ -2099,8 +2109,12 @@ typedef struct {
/** Information needed to keep and cache a signed extra-info document. */
typedef struct extrainfo_t {
signed_descriptor_t cache_info;
/** SHA256 digest of this document */
uint8_t digest256[DIGEST256_LEN];
/** The router's nickname. */
char nickname[MAX_NICKNAME_LEN+1];
/** Certificate for ed25519 signing key */
struct tor_cert_st *signing_key_cert;
/** True iff we found the right key for this extra-info, verified the
* signature, and found it to be bad. */
unsigned int bad_sig : 1;
@ -2245,6 +2259,8 @@ typedef struct microdesc_t {
crypto_pk_t *onion_pkey;
/** As routerinfo_t.onion_curve25519_pkey */
curve25519_public_key_t *onion_curve25519_pkey;
/** Ed25519 identity key, if included. */
ed25519_public_key_t *ed25519_identity_pkey;
/** As routerinfo_t.ipv6_add */
tor_addr_t ipv6_addr;
/** As routerinfo_t.ipv6_orport */
@ -2359,9 +2375,13 @@ typedef struct vote_routerstatus_t {
char *version; /**< The version that the authority says this router is
* running. */
unsigned int has_measured_bw:1; /**< The vote had a measured bw */
unsigned int has_ed25519_listing:1; /** DOCDOC */
unsigned int ed25519_reflects_consensus:1; /** DOCDOC */
uint32_t measured_bw_kb; /**< Measured bandwidth (capacity) of the router */
/** The hash or hashes that the authority claims this microdesc has. */
vote_microdesc_hash_t *microdesc;
/** Ed25519 identity for this router, or zero if it has none. */
uint8_t ed25519_id[ED25519_PUBKEY_LEN];
} vote_routerstatus_t;
/** A signature of some document by an authority. */
@ -4261,6 +4281,21 @@ typedef struct {
* XXXX Eventually, the default will be 0. */
int ExitRelay;
/** For how long (seconds) do we declare our singning keys to be valid? */
int SigningKeyLifetime;
/** For how long (seconds) do we declare our link keys to be valid? */
int TestingLinkCertLifetime;
/** For how long (seconds) do we declare our auth keys to be valid? */
int TestingAuthKeyLifetime;
/** How long before signing keys expire will we try to make a new one? */
int TestingSigningKeySlop;
/** How long before link keys expire will we try to make a new one? */
int TestingLinkKeySlop;
/** How long before auth keys expire will we try to make a new one? */
int TestingAuthKeySlop;
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
@ -5065,6 +5100,8 @@ typedef enum was_router_added_t {
/* Router descriptor was rejected because it was older than
* OLD_ROUTER_DESC_MAX_AGE. */
ROUTER_WAS_TOO_OLD = -7, /* note contrast with 'NOT_NEW' */
/* DOCDOC */
ROUTER_CERTS_EXPIRED = -8
} was_router_added_t;
/********************************* routerparse.c ************************/

View File

@ -26,9 +26,11 @@
#include "relay.h"
#include "rephist.h"
#include "router.h"
#include "routerkeys.h"
#include "routerlist.h"
#include "routerparse.h"
#include "statefile.h"
#include "torcert.h"
#include "transports.h"
#include "routerset.h"
@ -204,6 +206,8 @@ set_server_identity_key(crypto_pk_t *k)
static void
assert_identity_keys_ok(void)
{
if (1)
return;
tor_assert(client_identitykey);
if (public_server_mode(get_options())) {
/* assert that we have set the client and server keys to be equal */
@ -863,6 +867,10 @@ init_keys(void)
set_client_identity_key(prkey);
}
/* 1d. Load all ed25519 keys */
if (load_ed_keys(options,now) < 0)
return -1;
/* 2. Read onion key. Make it if none is found. */
keydir = get_datadir_fname2("keys", "secret_onion_key");
log_info(LD_GENERAL,"Reading/making onion key \"%s\"...",keydir);
@ -928,6 +936,13 @@ init_keys(void)
return -1;
}
/* 3b. Get an ed25519 link certificate. Note that we need to do this
* after we set up the TLS context */
if (generate_ed_link_cert(options, now) < 0) {
log_err(LD_GENERAL,"Couldn't make link cert");
return -1;
}
/* 4. Build our router descriptor. */
/* Must be called after keys are initialized. */
mydesc = router_get_my_descriptor();
@ -1872,6 +1887,8 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
routerinfo_free(ri);
return -1;
}
ri->signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
get_platform_str(platform, sizeof(platform));
ri->platform = tor_strdup(platform);
@ -1962,10 +1979,12 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
ei->cache_info.is_extrainfo = 1;
strlcpy(ei->nickname, get_options()->Nickname, sizeof(ei->nickname));
ei->cache_info.published_on = ri->cache_info.published_on;
ei->signing_key_cert = tor_cert_dup(get_master_signing_key_cert());
memcpy(ei->cache_info.identity_digest, ri->cache_info.identity_digest,
DIGEST_LEN);
if (extrainfo_dump_to_string(&ei->cache_info.signed_descriptor_body,
ei, get_server_identity_key()) < 0) {
ei, get_server_identity_key(),
get_master_signing_keypair()) < 0) {
log_warn(LD_BUG, "Couldn't generate extra-info descriptor.");
extrainfo_free(ei);
ei = NULL;
@ -1975,6 +1994,10 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
router_get_extrainfo_hash(ei->cache_info.signed_descriptor_body,
ei->cache_info.signed_descriptor_len,
ei->cache_info.signed_descriptor_digest);
crypto_digest256((char*) ei->digest256,
ei->cache_info.signed_descriptor_body,
ei->cache_info.signed_descriptor_len,
DIGEST_SHA256);
}
/* Now finish the router descriptor. */
@ -1982,12 +2005,18 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
memcpy(ri->cache_info.extra_info_digest,
ei->cache_info.signed_descriptor_digest,
DIGEST_LEN);
memcpy(ri->extra_info_digest256,
ei->digest256,
DIGEST256_LEN);
} else {
/* ri was allocated with tor_malloc_zero, so there is no need to
* zero ri->cache_info.extra_info_digest here. */
}
if (! (ri->cache_info.signed_descriptor_body = router_dump_router_to_string(
ri, get_server_identity_key()))) {
if (! (ri->cache_info.signed_descriptor_body =
router_dump_router_to_string(ri, get_server_identity_key(),
get_onion_key(),
get_current_curve25519_keypair(),
get_master_signing_keypair())) ) {
log_warn(LD_BUG, "Couldn't generate router descriptor.");
routerinfo_free(ri);
extrainfo_free(ei);
@ -2328,22 +2357,28 @@ get_platform_str(char *platform, size_t len)
*/
char *
router_dump_router_to_string(routerinfo_t *router,
crypto_pk_t *ident_key)
const crypto_pk_t *ident_key,
const crypto_pk_t *tap_key,
const curve25519_keypair_t *ntor_keypair,
const ed25519_keypair_t *signing_keypair)
{
char *address = NULL;
char *onion_pkey = NULL; /* Onion key, PEM-encoded. */
char *identity_pkey = NULL; /* Identity key, PEM-encoded. */
char digest[DIGEST_LEN];
char digest[DIGEST256_LEN];
char published[ISO_TIME_LEN+1];
char fingerprint[FINGERPRINT_LEN+1];
int has_extra_info_digest;
char extra_info_digest[HEX_DIGEST_LEN+1];
char *extra_info_line = NULL;
size_t onion_pkeylen, identity_pkeylen;
char *family_line = NULL;
char *extra_or_address = NULL;
const or_options_t *options = get_options();
smartlist_t *chunks = NULL;
char *output = NULL;
const int emit_ed_sigs = signing_keypair && router->signing_key_cert;
char *ed_cert_line = NULL;
char *rsa_tap_cc_line = NULL;
char *ntor_cc_line = NULL;
/* Make sure the identity key matches the one in the routerinfo. */
if (!crypto_pk_eq_keys(ident_key, router->identity_pkey)) {
@ -2351,6 +2386,16 @@ router_dump_router_to_string(routerinfo_t *router,
"match router's public key!");
goto err;
}
if (emit_ed_sigs) {
if (!router->signing_key_cert->signing_key_included ||
!ed25519_pubkey_eq(&router->signing_key_cert->signed_key,
&signing_keypair->pubkey)) {
log_warn(LD_BUG, "Tried to sign a router descriptor with a mismatched "
"ed25519 key chain %d",
router->signing_key_cert->signing_key_included);
goto err;
}
}
/* record our fingerprint, so we can include it in the descriptor */
if (crypto_pk_get_fingerprint(router->identity_pkey, fingerprint, 1)<0) {
@ -2358,6 +2403,22 @@ router_dump_router_to_string(routerinfo_t *router,
goto err;
}
if (emit_ed_sigs) {
/* Encode ed25519 signing cert */
char ed_cert_base64[256];
if (base64_encode(ed_cert_base64, sizeof(ed_cert_base64),
(const char*)router->signing_key_cert->encoded,
router->signing_key_cert->encoded_len,
BASE64_ENCODE_MULTILINE) < 0) {
log_err(LD_BUG,"Couldn't base64-encode signing key certificate!");
goto err;
}
tor_asprintf(&ed_cert_line, "identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"%s"
"-----END ED25519 CERT-----\n", ed_cert_base64);
}
/* PEM-encode the onion key */
if (crypto_pk_write_public_key_to_string(router->onion_pkey,
&onion_pkey,&onion_pkeylen)<0) {
@ -2372,6 +2433,69 @@ router_dump_router_to_string(routerinfo_t *router,
goto err;
}
/* Cross-certify with RSA key */
if (tap_key && router->signing_key_cert &&
router->signing_key_cert->signing_key_included) {
char buf[256];
int tap_cc_len = 0;
uint8_t *tap_cc =
make_tap_onion_key_crosscert(tap_key,
&router->signing_key_cert->signing_key,
router->identity_pkey,
&tap_cc_len);
if (!tap_cc) {
log_warn(LD_BUG,"make_tap_onion_key_crosscert failed!");
goto err;
}
if (base64_encode(buf, sizeof(buf), (const char*)tap_cc, tap_cc_len,
BASE64_ENCODE_MULTILINE) < 0) {
log_warn(LD_BUG,"base64_encode(rsa_crosscert) failed!");
tor_free(tap_cc);
goto err;
}
tor_free(tap_cc);
tor_asprintf(&rsa_tap_cc_line,
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"%s"
"-----END CROSSCERT-----\n", buf);
}
/* Cross-certify with onion keys */
if (ntor_keypair && router->signing_key_cert &&
router->signing_key_cert->signing_key_included) {
int sign = 0;
char buf[256];
/* XXXX Base the expiration date on the actual onion key expiration time?*/
tor_cert_t *cert =
make_ntor_onion_key_crosscert(ntor_keypair,
&router->signing_key_cert->signing_key,
router->cache_info.published_on,
MIN_ONION_KEY_LIFETIME, &sign);
if (!cert) {
log_warn(LD_BUG,"make_ntor_onion_key_crosscert failed!");
goto err;
}
tor_assert(sign == 0 || sign == 1);
if (base64_encode(buf, sizeof(buf),
(const char*)cert->encoded, cert->encoded_len,
BASE64_ENCODE_MULTILINE)<0) {
log_warn(LD_BUG,"base64_encode(ntor_crosscert) failed!");
tor_cert_free(cert);
goto err;
}
tor_cert_free(cert);
tor_asprintf(&ntor_cc_line,
"ntor-onion-key-crosscert %d\n"
"-----BEGIN ED25519 CERT-----\n"
"%s"
"-----END ED25519 CERT-----\n", sign, buf);
}
/* Encode the publication time. */
format_iso_time(published, router->cache_info.published_on);
@ -2384,12 +2508,19 @@ router_dump_router_to_string(routerinfo_t *router,
family_line = tor_strdup("");
}
has_extra_info_digest =
! tor_digest_is_zero(router->cache_info.extra_info_digest);
if (has_extra_info_digest) {
if (!tor_digest_is_zero(router->cache_info.extra_info_digest)) {
char extra_info_digest[HEX_DIGEST_LEN+1];
base16_encode(extra_info_digest, sizeof(extra_info_digest),
router->cache_info.extra_info_digest, DIGEST_LEN);
if (!tor_digest256_is_zero(router->extra_info_digest256)) {
char d256_64[BASE64_DIGEST256_LEN+1];
digest256_to_base64(d256_64, router->extra_info_digest256);
tor_asprintf(&extra_info_line, "extra-info-digest %s %s\n",
extra_info_digest, d256_64);
} else {
tor_asprintf(&extra_info_line, "extra-info-digest %s\n",
extra_info_digest);
}
}
if (router->ipv6_orport &&
@ -2411,20 +2542,23 @@ router_dump_router_to_string(routerinfo_t *router,
smartlist_add_asprintf(chunks,
"router %s %s %d 0 %d\n"
"%s"
"%s"
"platform %s\n"
"protocols Link 1 2 Circuit 1\n"
"published %s\n"
"fingerprint %s\n"
"uptime %ld\n"
"bandwidth %d %d %d\n"
"%s%s%s%s"
"%s%s"
"onion-key\n%s"
"signing-key\n%s"
"%s%s"
"%s%s%s%s",
router->nickname,
address,
router->or_port,
decide_to_advertise_dirport(options, router->dir_port),
ed_cert_line ? ed_cert_line : "",
extra_or_address ? extra_or_address : "",
router->platform,
published,
@ -2433,12 +2567,12 @@ router_dump_router_to_string(routerinfo_t *router,
(int) router->bandwidthrate,
(int) router->bandwidthburst,
(int) router->bandwidthcapacity,
has_extra_info_digest ? "extra-info-digest " : "",
has_extra_info_digest ? extra_info_digest : "",
has_extra_info_digest ? "\n" : "",
extra_info_line ? extra_info_line : "",
(options->DownloadExtraInfo || options->V3AuthoritativeDir) ?
"caches-extra-info\n" : "",
onion_pkey, identity_pkey,
rsa_tap_cc_line ? rsa_tap_cc_line : "",
ntor_cc_line ? ntor_cc_line : "",
family_line,
we_are_hibernating() ? "hibernating 1\n" : "",
options->HidServDirectoryV2 ? "hidden-service-dir\n" : "",
@ -2481,7 +2615,24 @@ router_dump_router_to_string(routerinfo_t *router,
tor_free(p6);
}
/* Sign the descriptor */
/* Sign the descriptor with Ed25519 */
if (emit_ed_sigs) {
smartlist_add(chunks, tor_strdup("router-sig-ed25519 "));
crypto_digest_smartlist_prefix(digest, DIGEST256_LEN,
ED_DESC_SIGNATURE_PREFIX,
chunks, "", DIGEST_SHA256);
ed25519_signature_t sig;
char buf[ED25519_SIG_BASE64_LEN+1];
if (ed25519_sign(&sig, (const uint8_t*)digest, DIGEST256_LEN,
signing_keypair) < 0)
goto err;
if (ed25519_signature_to_base64(buf, &sig) < 0)
goto err;
smartlist_add_asprintf(chunks, "%s\n", buf);
}
/* Sign the descriptor with RSA */
smartlist_add(chunks, tor_strdup("router-signature\n"));
crypto_digest_smartlist(digest, DIGEST_LEN, chunks, "", DIGEST_SHA1);
@ -2533,6 +2684,10 @@ router_dump_router_to_string(routerinfo_t *router,
tor_free(onion_pkey);
tor_free(identity_pkey);
tor_free(extra_or_address);
tor_free(ed_cert_line);
tor_free(rsa_tap_cc_line);
tor_free(ntor_cc_line);
tor_free(extra_info_line);
return output;
}
@ -2676,7 +2831,8 @@ load_stats_file(const char *filename, const char *end_line, time_t now,
* success, negative on failure. */
int
extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
crypto_pk_t *ident_key)
crypto_pk_t *ident_key,
const ed25519_keypair_t *signing_keypair)
{
const or_options_t *options = get_options();
char identity[HEX_DIGEST_LEN+1];
@ -2686,18 +2842,45 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
int result;
static int write_stats_to_extrainfo = 1;
char sig[DIROBJ_MAX_SIG_LEN+1];
char *s, *pre, *contents, *cp, *s_dup = NULL;
char *s = NULL, *pre, *contents, *cp, *s_dup = NULL;
time_t now = time(NULL);
smartlist_t *chunks = smartlist_new();
extrainfo_t *ei_tmp = NULL;
const int emit_ed_sigs = signing_keypair && extrainfo->signing_key_cert;
char *ed_cert_line = NULL;
base16_encode(identity, sizeof(identity),
extrainfo->cache_info.identity_digest, DIGEST_LEN);
format_iso_time(published, extrainfo->cache_info.published_on);
bandwidth_usage = rep_hist_get_bandwidth_lines();
if (emit_ed_sigs) {
if (!extrainfo->signing_key_cert->signing_key_included ||
!ed25519_pubkey_eq(&extrainfo->signing_key_cert->signed_key,
&signing_keypair->pubkey)) {
log_warn(LD_BUG, "Tried to sign a extrainfo descriptor with a "
"mismatched ed25519 key chain %d",
extrainfo->signing_key_cert->signing_key_included);
goto err;
}
char ed_cert_base64[256];
if (base64_encode(ed_cert_base64, sizeof(ed_cert_base64),
(const char*)extrainfo->signing_key_cert->encoded,
extrainfo->signing_key_cert->encoded_len,
BASE64_ENCODE_MULTILINE) < 0) {
log_err(LD_BUG,"Couldn't base64-encode signing key certificate!");
goto err;
}
tor_asprintf(&ed_cert_line, "identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"%s"
"-----END ED25519 CERT-----\n", ed_cert_base64);
} else {
ed_cert_line = tor_strdup("");
}
tor_asprintf(&pre, "extra-info %s %s\npublished %s\n%s",
tor_asprintf(&pre, "extra-info %s %s\n%spublished %s\n%s",
extrainfo->nickname, identity,
ed_cert_line,
published, bandwidth_usage);
tor_free(bandwidth_usage);
smartlist_add(chunks, pre);
@ -2757,6 +2940,23 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
}
}
if (emit_ed_sigs) {
char digest[DIGEST256_LEN];
smartlist_add(chunks, tor_strdup("router-sig-ed25519 "));
crypto_digest_smartlist_prefix(digest, DIGEST256_LEN,
ED_DESC_SIGNATURE_PREFIX,
chunks, "", DIGEST_SHA256);
ed25519_signature_t sig;
char buf[ED25519_SIG_BASE64_LEN+1];
if (ed25519_sign(&sig, (const uint8_t*)digest, DIGEST256_LEN,
signing_keypair) < 0)
goto err;
if (ed25519_signature_to_base64(buf, &sig) < 0)
goto err;
smartlist_add_asprintf(chunks, "%s\n", buf);
}
smartlist_add(chunks, tor_strdup("router-signature\n"));
s = smartlist_join_strings(chunks, "", 0, NULL);
@ -2805,7 +3005,8 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
"adding statistics to this or any future "
"extra-info descriptors.");
write_stats_to_extrainfo = 0;
result = extrainfo_dump_to_string(s_out, extrainfo, ident_key);
result = extrainfo_dump_to_string(s_out, extrainfo, ident_key,
signing_keypair);
goto done;
} else {
log_warn(LD_BUG, "We just generated an extrainfo descriptor we "
@ -2827,6 +3028,7 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
smartlist_free(chunks);
tor_free(s_dup);
tor_free(ed_cert_line);
extrainfo_free(ei_tmp);
return result;

View File

@ -92,7 +92,10 @@ int router_pick_published_address(const or_options_t *options, uint32_t *addr);
int router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e);
int router_rebuild_descriptor(int force);
char *router_dump_router_to_string(routerinfo_t *router,
crypto_pk_t *ident_key);
const crypto_pk_t *ident_key,
const crypto_pk_t *tap_key,
const curve25519_keypair_t *ntor_keypair,
const ed25519_keypair_t *signing_keypair);
char *router_dump_exit_policy_to_string(const routerinfo_t *router,
int include_ipv4,
int include_ipv6);
@ -107,7 +110,8 @@ int router_has_addr(const routerinfo_t *router, const tor_addr_t *addr);
int router_has_orport(const routerinfo_t *router,
const tor_addr_port_t *orport);
int extrainfo_dump_to_string(char **s, extrainfo_t *extrainfo,
crypto_pk_t *ident_key);
crypto_pk_t *ident_key,
const ed25519_keypair_t *signing_keypair);
int is_legal_nickname(const char *s);
int is_legal_nickname_or_hexdigest(const char *s);
int is_legal_hexdigest(const char *s);

648
src/or/routerkeys.c Normal file
View File

@ -0,0 +1,648 @@
/* Copyright (c) 2014, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "or.h"
#include "config.h"
#include "router.h"
#include "routerkeys.h"
#include "torcert.h"
/**
* Read an ed25519 key and associated certificates from files beginning with
* <b>fname</b>, with certificate type <b>cert_type</b>. On failure, return
* NULL; on success return the keypair.
*
* If INIT_ED_KEY_CREATE is set in <b>flags</b>, then create the key (and
* certificate if requested) if it doesn't exist, and save it to disk.
*
* If INIT_ED_KEY_NEEDCERT is set in <b>flags</b>, load/create a certificate
* too and store it in *<b>cert_out</b>. Fail if the cert can't be
* found/created. To create a certificate, <b>signing_key</b> must be set to
* the key that should sign it; <b>now</b> to the current time, and
* <b>lifetime</b> to the lifetime of the key.
*
* If INIT_ED_KEY_REPLACE is set in <b>flags</b>, then create and save new key
* whether we can read the old one or not.
*
* If INIT_ED_KEY_EXTRA_STRONG is set in <b>flags</b>, set the extra_strong
* flag when creating the secret key.
*
* If INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT is set in <b>flags</b>, and
* we create a new certificate, create it with the signing key embedded.
*
* If INIT_ED_KEY_SPLIT is set in <b>flags</b>, and we create a new key,
* store the public key in a separate file from the secret key.
*
* If INIT_ED_KEY_MISSING_SECRET_OK is set in <b>flags</b>, and we find a
* public key file but no secret key file, return successfully anyway.
*
* If INIT_ED_KEY_OMIT_SECRET is set in <b>flags</b>, do not even try to
* load or return a secret key (but create and save on if needed).
*/
ed25519_keypair_t *
ed_key_init_from_file(const char *fname, uint32_t flags,
int severity,
const ed25519_keypair_t *signing_key,
time_t now,
time_t lifetime,
uint8_t cert_type,
struct tor_cert_st **cert_out)
{
char *secret_fname = NULL;
char *public_fname = NULL;
char *cert_fname = NULL;
int created_pk = 0, created_sk = 0, created_cert = 0;
const int try_to_load = ! (flags & INIT_ED_KEY_REPLACE);
char tag[8];
tor_snprintf(tag, sizeof(tag), "type%d", (int)cert_type);
tor_cert_t *cert = NULL;
char *got_tag = NULL;
ed25519_keypair_t *keypair = tor_malloc_zero(sizeof(ed25519_keypair_t));
tor_asprintf(&secret_fname, "%s_secret_key", fname);
tor_asprintf(&public_fname, "%s_public_key", fname);
tor_asprintf(&cert_fname, "%s_cert", fname);
/* Try to read the secret key. */
const int have_secret = try_to_load &&
!(flags & INIT_ED_KEY_OMIT_SECRET) &&
ed25519_seckey_read_from_file(&keypair->seckey,
&got_tag, secret_fname) == 0;
if (have_secret) {
if (strcmp(got_tag, tag)) {
tor_log(severity, LD_OR, "%s has wrong tag", secret_fname);
goto err;
}
/* Derive the public key */
if (ed25519_public_key_generate(&keypair->pubkey, &keypair->seckey)<0) {
tor_log(severity, LD_OR, "%s can't produce a public key", secret_fname);
goto err;
}
}
/* If it's absent and that's okay, try to read the pubkey. */
int found_public = 0;
if (!have_secret && try_to_load) {
tor_free(got_tag);
found_public = ed25519_pubkey_read_from_file(&keypair->pubkey,
&got_tag, public_fname) == 0;
if (found_public && strcmp(got_tag, tag)) {
tor_log(severity, LD_OR, "%s has wrong tag", public_fname);
goto err;
}
}
/* If the secret key is absent and it's not allowed to be, fail. */
if (!have_secret && found_public && !(flags & INIT_ED_KEY_MISSING_SECRET_OK))
goto err;
/* If it's absent, and we're not supposed to make a new keypair, fail. */
if (!have_secret && !found_public && !(flags & INIT_ED_KEY_CREATE))
goto err;
/* if it's absent, make a new keypair and save it. */
if (!have_secret && !found_public) {
const int split = !! (flags & INIT_ED_KEY_SPLIT);
tor_free(keypair);
keypair = ed_key_new(signing_key, flags, now, lifetime,
cert_type, &cert);
if (!keypair) {
tor_log(severity, LD_OR, "Couldn't create keypair");
goto err;
}
created_pk = created_sk = created_cert = 1;
if (ed25519_seckey_write_to_file(&keypair->seckey, secret_fname, tag) < 0
||
(split &&
ed25519_pubkey_write_to_file(&keypair->pubkey, public_fname, tag) < 0)
||
(cert &&
crypto_write_tagged_contents_to_file(cert_fname, "ed25519v1-cert",
tag, cert->encoded, cert->encoded_len) < 0)) {
tor_log(severity, LD_OR, "Couldn't write keys or cert to file.");
goto err;
}
goto done;
}
/* If we're not supposed to get a cert, we're done. */
if (! (flags & INIT_ED_KEY_NEEDCERT))
goto done;
/* Read a cert. */
uint8_t certbuf[256];
ssize_t cert_body_len = crypto_read_tagged_contents_from_file(
cert_fname, "ed25519v1-cert",
&got_tag, certbuf, sizeof(certbuf));
if (cert_body_len >= 0 && !strcmp(got_tag, tag))
cert = tor_cert_parse(certbuf, cert_body_len);
/* If we got it, check it to the extent we can. */
if (cert) {
int bad_cert = 0;
if (! cert) {
tor_log(severity, LD_OR, "Cert was unparseable");
bad_cert = 1;
} else if (!tor_memeq(cert->signed_key.pubkey, keypair->pubkey.pubkey,
ED25519_PUBKEY_LEN)) {
tor_log(severity, LD_OR, "Cert was for wrong key");
bad_cert = 1;
} else if (tor_cert_checksig(cert, &signing_key->pubkey, now) < 0 &&
(signing_key || cert->cert_expired)) {
tor_log(severity, LD_OR, "Can't check certificate");
bad_cert = 1;
}
if (bad_cert) {
tor_cert_free(cert);
cert = NULL;
}
}
/* If we got a cert, we're done. */
if (cert)
goto done;
/* If we didn't get a cert, and we're not supposed to make one, fail. */
if (!signing_key || !(flags & INIT_ED_KEY_CREATE))
goto err;
/* We have keys but not a certificate, so make one. */
uint32_t cert_flags = 0;
if (flags & INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT)
cert_flags |= CERT_FLAG_INCLUDE_SIGNING_KEY;
cert = tor_cert_create(signing_key, cert_type,
&keypair->pubkey,
now, lifetime,
cert_flags);
if (! cert)
goto err;
/* Write it to disk. */
created_cert = 1;
if (crypto_write_tagged_contents_to_file(cert_fname, "ed25519v1-cert",
tag, cert->encoded, cert->encoded_len) < 0) {
tor_log(severity, LD_OR, "Couldn't write cert to disk.");
goto err;
}
done:
if (cert_out)
*cert_out = cert;
else
tor_cert_free(cert);
goto cleanup;
err:
memwipe(keypair, 0, sizeof(*keypair));
tor_free(keypair);
tor_cert_free(cert);
if (cert_out)
*cert_out = NULL;
if (created_sk)
unlink(secret_fname);
if (created_pk)
unlink(public_fname);
if (created_cert)
unlink(cert_fname);
cleanup:
tor_free(secret_fname);
tor_free(public_fname);
tor_free(cert_fname);
return keypair;
}
/**
* Create a new signing key and (optionally) certficiate; do not read or write
* from disk. See ed_key_init_from_file() for more information.
*/
ed25519_keypair_t *
ed_key_new(const ed25519_keypair_t *signing_key,
uint32_t flags,
time_t now,
time_t lifetime,
uint8_t cert_type,
struct tor_cert_st **cert_out)
{
if (cert_out)
*cert_out = NULL;
const int extra_strong = !! (flags & INIT_ED_KEY_EXTRA_STRONG);
ed25519_keypair_t *keypair = tor_malloc_zero(sizeof(ed25519_keypair_t));
if (ed25519_keypair_generate(keypair, extra_strong) < 0)
goto err;
if (! (flags & INIT_ED_KEY_NEEDCERT))
return keypair;
tor_assert(signing_key);
tor_assert(cert_out);
uint32_t cert_flags = 0;
if (flags & INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT)
cert_flags |= CERT_FLAG_INCLUDE_SIGNING_KEY;
tor_cert_t *cert = tor_cert_create(signing_key, cert_type,
&keypair->pubkey,
now, lifetime,
cert_flags);
if (! cert)
goto err;
*cert_out = cert;
return keypair;
err:
tor_free(keypair);
return NULL;
}
static ed25519_keypair_t *master_identity_key = NULL;
static ed25519_keypair_t *master_signing_key = NULL;
static ed25519_keypair_t *current_auth_key = NULL;
static tor_cert_t *signing_key_cert = NULL;
static tor_cert_t *link_cert_cert = NULL;
static tor_cert_t *auth_key_cert = NULL;
static uint8_t *rsa_ed_crosscert = NULL;
static size_t rsa_ed_crosscert_len = 0;
/**
* Running as a server: load, reload, or refresh our ed25519 keys and
* certificates, creating and saving new ones as needed.
*/
int
load_ed_keys(const or_options_t *options, time_t now)
{
ed25519_keypair_t *id = NULL;
ed25519_keypair_t *sign = NULL;
ed25519_keypair_t *auth = NULL;
const ed25519_keypair_t *sign_signing_key_with_id = NULL;
const ed25519_keypair_t *use_signing = NULL;
const tor_cert_t *check_signing_cert = NULL;
tor_cert_t *sign_cert = NULL;
tor_cert_t *auth_cert = NULL;
#define FAIL(msg) do { \
log_warn(LD_OR, (msg)); \
goto err; \
} while (0)
#define SET_KEY(key, newval) do { \
ed25519_keypair_free(key); \
key = (newval); \
} while (0)
#define SET_CERT(cert, newval) do { \
tor_cert_free(cert); \
cert = (newval); \
} while (0)
#define EXPIRES_SOON(cert, interval) \
(!(cert) || (cert)->valid_until < now + (interval))
/* XXXX support encrypted identity keys fully */
/* First try to get the signing key to see how it is. */
if (master_signing_key) {
check_signing_cert = signing_key_cert;
use_signing = master_signing_key;
} else {
sign = ed_key_init_from_file(
options_get_datadir_fname2(options, "keys", "ed25519_signing"),
INIT_ED_KEY_NEEDCERT|
INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT,
LOG_INFO,
NULL, 0, 0, CERT_TYPE_ID_SIGNING, &sign_cert);
check_signing_cert = sign_cert;
use_signing = sign;
}
const int need_new_signing_key =
NULL == use_signing ||
EXPIRES_SOON(check_signing_cert, 0);
const int want_new_signing_key =
need_new_signing_key ||
EXPIRES_SOON(check_signing_cert, options->TestingSigningKeySlop);
{
uint32_t flags =
(INIT_ED_KEY_CREATE|INIT_ED_KEY_SPLIT|
INIT_ED_KEY_EXTRA_STRONG);
if (! need_new_signing_key)
flags |= INIT_ED_KEY_MISSING_SECRET_OK;
if (! want_new_signing_key)
flags |= INIT_ED_KEY_OMIT_SECRET;
id = ed_key_init_from_file(
options_get_datadir_fname2(options, "keys", "ed25519_master_id"),
flags,
LOG_WARN, NULL, 0, 0, 0, NULL);
if (!id)
FAIL("Missing identity key");
if (tor_mem_is_zero((char*)id->seckey.seckey, sizeof(id->seckey)))
sign_signing_key_with_id = NULL;
else
sign_signing_key_with_id = id;
}
if (need_new_signing_key && NULL == sign_signing_key_with_id)
FAIL("Can't load master key make a new signing key.");
if (want_new_signing_key && sign_signing_key_with_id) {
uint32_t flags = (INIT_ED_KEY_CREATE|
INIT_ED_KEY_REPLACE|
INIT_ED_KEY_EXTRA_STRONG|
INIT_ED_KEY_NEEDCERT|
INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT);
sign = ed_key_init_from_file(
options_get_datadir_fname2(options, "keys", "ed25519_signing"),
flags, LOG_WARN,
sign_signing_key_with_id, now,
options->SigningKeyLifetime,
CERT_TYPE_ID_SIGNING, &sign_cert);
if (!sign)
FAIL("Missing signing key");
use_signing = sign;
} else if (want_new_signing_key) {
static ratelim_t missing_master = RATELIM_INIT(3600);
log_fn_ratelim(&missing_master, LOG_WARN, LD_OR,
"Signing key will expire soon, but I can't load the "
"master key to sign a new one!");
}
tor_assert(use_signing);
/* At this point we no longer need our secret identity key. So wipe
* it, if we loaded it in the first place. */
memwipe(id->seckey.seckey, 0, sizeof(id->seckey));
if (!rsa_ed_crosscert && server_mode(options)) {
uint8_t *crosscert;
ssize_t crosscert_len = tor_make_rsa_ed25519_crosscert(&id->pubkey,
get_server_identity_key(),
now+10*365*86400,/*XXXX*/
&crosscert);
rsa_ed_crosscert_len = crosscert_len;
rsa_ed_crosscert = crosscert;
}
if (!current_auth_key ||
EXPIRES_SOON(auth_key_cert, options->TestingAuthKeySlop)) {
auth = ed_key_new(use_signing, INIT_ED_KEY_NEEDCERT,
now,
options->TestingAuthKeyLifetime,
CERT_TYPE_SIGNING_AUTH, &auth_cert);
if (!auth)
FAIL("Can't create auth key");
}
/* We've generated or loaded everything. Put them in memory. */
if (! master_identity_key) {
SET_KEY(master_identity_key, id);
} else {
tor_free(id);
}
if (sign) {
SET_KEY(master_signing_key, sign);
SET_CERT(signing_key_cert, sign_cert);
}
if (auth) {
SET_KEY(current_auth_key, auth);
SET_CERT(auth_key_cert, auth_cert);
}
return 0;
err:
ed25519_keypair_free(id);
ed25519_keypair_free(sign);
ed25519_keypair_free(auth);
tor_cert_free(sign_cert);
tor_cert_free(auth_cert);
return -1;
}
/**DOCDOC*/
int
generate_ed_link_cert(const or_options_t *options, time_t now)
{
const tor_x509_cert_t *link = NULL, *id = NULL;
tor_cert_t *link_cert = NULL;
if (tor_tls_get_my_certs(1, &link, &id) < 0 || link == NULL) {
log_warn(LD_OR, "Can't get my x509 link cert.");
return -1;
}
const digests_t *digests = tor_x509_cert_get_cert_digests(link);
if (link_cert_cert &&
! EXPIRES_SOON(link_cert_cert, options->TestingLinkKeySlop) &&
fast_memeq(digests->d[DIGEST_SHA256], link_cert_cert->signed_key.pubkey,
DIGEST256_LEN)) {
return 0;
}
ed25519_public_key_t dummy_key;
memcpy(dummy_key.pubkey, digests->d[DIGEST_SHA256], DIGEST256_LEN);
link_cert = tor_cert_create(get_master_signing_keypair(),
CERT_TYPE_SIGNING_LINK,
&dummy_key,
now,
options->TestingLinkCertLifetime, 0);
if (link_cert) {
SET_CERT(link_cert_cert, link_cert);
}
return 0;
}
#undef FAIL
#undef SET_KEY
#undef SET_CERT
int
should_make_new_ed_keys(const or_options_t *options, const time_t now)
{
if (!master_identity_key ||
!master_signing_key ||
!current_auth_key ||
!link_cert_cert ||
EXPIRES_SOON(signing_key_cert, options->TestingSigningKeySlop) ||
EXPIRES_SOON(auth_key_cert, options->TestingAuthKeySlop) ||
EXPIRES_SOON(link_cert_cert, options->TestingLinkKeySlop))
return 1;
const tor_x509_cert_t *link = NULL, *id = NULL;
if (tor_tls_get_my_certs(1, &link, &id) < 0 || link == NULL)
return 1;
const digests_t *digests = tor_x509_cert_get_cert_digests(link);
if (!fast_memeq(digests->d[DIGEST_SHA256],
link_cert_cert->signed_key.pubkey,
DIGEST256_LEN)) {
return 1;
}
return 0;
}
#undef EXPIRES_SOON
const ed25519_public_key_t *
get_master_identity_key(void)
{
if (!master_identity_key)
return NULL;
return &master_identity_key->pubkey;
}
const ed25519_keypair_t *
get_master_signing_keypair(void)
{
return master_signing_key;
}
const struct tor_cert_st *
get_master_signing_key_cert(void)
{
return signing_key_cert;
}
const ed25519_keypair_t *
get_current_auth_keypair(void)
{
return current_auth_key;
}
const tor_cert_t *
get_current_link_cert_cert(void)
{
return link_cert_cert;
}
const tor_cert_t *
get_current_auth_key_cert(void)
{
return auth_key_cert;
}
void
get_master_rsa_crosscert(const uint8_t **cert_out,
size_t *size_out)
{
*cert_out = rsa_ed_crosscert;
*size_out = rsa_ed_crosscert_len;
}
/** Construct cross-certification for the master identity key with
* the ntor onion key. Store the sign of the corresponding ed25519 public key
* in *<b>sign_out</b>. */
tor_cert_t *
make_ntor_onion_key_crosscert(const curve25519_keypair_t *onion_key,
const ed25519_public_key_t *master_id_key, time_t now, time_t lifetime,
int *sign_out)
{
tor_cert_t *cert = NULL;
ed25519_keypair_t ed_onion_key;
if (ed25519_keypair_from_curve25519_keypair(&ed_onion_key, sign_out,
onion_key) < 0)
goto end;
cert = tor_cert_create(&ed_onion_key, CERT_TYPE_ONION_ID, master_id_key,
now, lifetime, 0);
end:
memwipe(&ed_onion_key, 0, sizeof(ed_onion_key));
return cert;
}
/** Construct and return an RSA signature for the TAP onion key to
* cross-certify the RSA and Ed25519 identity keys. Set <b>len_out</b> to its
* length. */
uint8_t *
make_tap_onion_key_crosscert(const crypto_pk_t *onion_key,
const ed25519_public_key_t *master_id_key,
const crypto_pk_t *rsa_id_key,
int *len_out)
{
uint8_t signature[PK_BYTES];
uint8_t signed_data[DIGEST_LEN + ED25519_PUBKEY_LEN];
*len_out = 0;
crypto_pk_get_digest(rsa_id_key, (char*)signed_data);
memcpy(signed_data + DIGEST_LEN, master_id_key->pubkey, ED25519_PUBKEY_LEN);
int r = crypto_pk_private_sign(onion_key,
(char*)signature, sizeof(signature),
(const char*)signed_data, sizeof(signed_data));
if (r < 0)
return NULL;
*len_out = r;
return tor_memdup(signature, r);
}
/** Check whether an RSA-TAP cross-certification is correct. Return 0 if it
* is, -1 if it isn't. */
int
check_tap_onion_key_crosscert(const uint8_t *crosscert,
int crosscert_len,
const crypto_pk_t *onion_pkey,
const ed25519_public_key_t *master_id_pkey,
const uint8_t *rsa_id_digest)
{
uint8_t *cc = tor_malloc(crypto_pk_keysize(onion_pkey));
int cc_len =
crypto_pk_public_checksig(onion_pkey,
(char*)cc,
crypto_pk_keysize(onion_pkey),
(const char*)crosscert,
crosscert_len);
if (cc_len < 0) {
goto err;
}
if (cc_len < DIGEST_LEN + ED25519_PUBKEY_LEN) {
log_warn(LD_DIR, "Short signature on cross-certification with TAP key");
goto err;
}
if (tor_memneq(cc, rsa_id_digest, DIGEST_LEN) ||
tor_memneq(cc + DIGEST_LEN, master_id_pkey->pubkey,
ED25519_PUBKEY_LEN)) {
log_warn(LD_DIR, "Incorrect cross-certification with TAP key");
goto err;
}
tor_free(cc);
return 0;
err:
tor_free(cc);
return -1;
}
void
routerkeys_free_all(void)
{
ed25519_keypair_free(master_identity_key);
ed25519_keypair_free(master_signing_key);
ed25519_keypair_free(current_auth_key);
tor_cert_free(signing_key_cert);
tor_cert_free(link_cert_cert);
tor_cert_free(auth_key_cert);
master_identity_key = master_signing_key = NULL;
current_auth_key = NULL;
signing_key_cert = link_cert_cert = auth_key_cert = NULL;
}

67
src/or/routerkeys.h Normal file
View File

@ -0,0 +1,67 @@
/* Copyright (c) 2014, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_ROUTERKEYS_H
#define TOR_ROUTERKEYS_H
#include "crypto_ed25519.h"
#define INIT_ED_KEY_CREATE (1u<<0)
#define INIT_ED_KEY_REPLACE (1u<<1)
#define INIT_ED_KEY_SPLIT (1u<<2)
#define INIT_ED_KEY_MISSING_SECRET_OK (1u<<3)
#define INIT_ED_KEY_NEEDCERT (1u<<4)
#define INIT_ED_KEY_EXTRA_STRONG (1u<<5)
#define INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT (1u<<6)
#define INIT_ED_KEY_OMIT_SECRET (1u<<7)
struct tor_cert_st;
ed25519_keypair_t *ed_key_init_from_file(const char *fname, uint32_t flags,
int severity,
const ed25519_keypair_t *signing_key,
time_t now,
time_t lifetime,
uint8_t cert_type,
struct tor_cert_st **cert_out);
ed25519_keypair_t *ed_key_new(const ed25519_keypair_t *signing_key,
uint32_t flags,
time_t now,
time_t lifetime,
uint8_t cert_type,
struct tor_cert_st **cert_out);
const ed25519_public_key_t *get_master_identity_key(void);
const ed25519_keypair_t *get_master_signing_keypair(void);
const struct tor_cert_st *get_master_signing_key_cert(void);
const ed25519_keypair_t *get_current_auth_keypair(void);
const struct tor_cert_st *get_current_link_cert_cert(void);
const struct tor_cert_st *get_current_auth_key_cert(void);
void get_master_rsa_crosscert(const uint8_t **cert_out,
size_t *size_out);
struct tor_cert_st *make_ntor_onion_key_crosscert(
const curve25519_keypair_t *onion_key,
const ed25519_public_key_t *master_id_key,
time_t now, time_t lifetime,
int *sign_out);
uint8_t *make_tap_onion_key_crosscert(const crypto_pk_t *onion_key,
const ed25519_public_key_t *master_id_key,
const crypto_pk_t *rsa_id_key,
int *len_out);
int check_tap_onion_key_crosscert(const uint8_t *crosscert,
int crosscert_len,
const crypto_pk_t *onion_pkey,
const ed25519_public_key_t *master_id_pkey,
const uint8_t *rsa_id_digest);
int load_ed_keys(const or_options_t *options, time_t now);
int should_make_new_ed_keys(const or_options_t *options, const time_t now);
int generate_ed_link_cert(const or_options_t *options, time_t now);
void routerkeys_free_all(void);
#endif

View File

@ -13,6 +13,7 @@
#define ROUTERLIST_PRIVATE
#include "or.h"
#include "crypto_ed25519.h"
#include "circuitstats.h"
#include "config.h"
#include "connection.h"
@ -38,6 +39,8 @@
#include "routerparse.h"
#include "routerset.h"
#include "sandbox.h"
#include "torcert.h"
// #define DEBUG_ROUTERLIST
/****************************************************************************/
@ -2660,6 +2663,7 @@ routerinfo_free(routerinfo_t *router)
tor_free(router->onion_curve25519_pkey);
if (router->identity_pkey)
crypto_pk_free(router->identity_pkey);
tor_cert_free(router->signing_key_cert);
if (router->declared_family) {
SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
smartlist_free(router->declared_family);
@ -2678,6 +2682,7 @@ extrainfo_free(extrainfo_t *extrainfo)
{
if (!extrainfo)
return;
tor_cert_free(extrainfo->signing_key_cert);
tor_free(extrainfo->cache_info.signed_descriptor_body);
tor_free(extrainfo->pending_sig);
@ -3288,6 +3293,11 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
old_router = router_get_mutable_by_digest(id_digest);
/* Make sure that it isn't expired. */
if (router->cert_expiration_time < approx_time()) {
return ROUTER_CERTS_EXPIRED;
}
/* Make sure that we haven't already got this exact descriptor. */
if (sdmap_get(routerlist->desc_digest_map,
router->cache_info.signed_descriptor_digest)) {
@ -4894,7 +4904,7 @@ routerinfo_incompatible_with_extrainfo(const routerinfo_t *ri,
signed_descriptor_t *sd,
const char **msg)
{
int digest_matches, r=1;
int digest_matches, digest256_matches, r=1;
tor_assert(ri);
tor_assert(ei);
if (!sd)
@ -4907,6 +4917,11 @@ routerinfo_incompatible_with_extrainfo(const routerinfo_t *ri,
digest_matches = tor_memeq(ei->cache_info.signed_descriptor_digest,
sd->extra_info_digest, DIGEST_LEN);
/* Set digest256_matches to 1 if the digest is correct, or if no
* digest256 was in the ri. */
digest256_matches = tor_memeq(ei->digest256,
ri->extra_info_digest256, DIGEST256_LEN);
digest256_matches |= tor_mem_is_zero(ri->extra_info_digest256, DIGEST256_LEN);
/* The identity must match exactly to have been generated at the same time
* by the same router. */
@ -4917,6 +4932,11 @@ routerinfo_incompatible_with_extrainfo(const routerinfo_t *ri,
goto err; /* different servers */
}
if (! tor_cert_opt_eq(ri->signing_key_cert, ei->signing_key_cert)) {
if (msg) *msg = "Extrainfo signing key cert didn't match routerinfo";
goto err; /* different servers */
}
if (ei->pending_sig) {
char signed_digest[128];
if (crypto_pk_public_checksig(ri->identity_pkey,
@ -4943,6 +4963,11 @@ routerinfo_incompatible_with_extrainfo(const routerinfo_t *ri,
goto err;
}
if (!digest256_matches) {
if (msg) *msg = "Extrainfo digest did not match digest256 from routerdesc";
goto err; /* Digest doesn't match declared value. */
}
if (!digest_matches) {
if (msg) *msg = "Extrainfo digest did not match value from routerdesc";
goto err; /* Digest doesn't match declared value. */

View File

@ -118,13 +118,15 @@ WRA_WAS_ADDED(was_router_added_t s) {
* - not in the consensus
* - neither in the consensus nor in any networkstatus document
* - it was outdated.
* - its certificates were expired.
*/
static INLINE int WRA_WAS_OUTDATED(was_router_added_t s)
{
return (s == ROUTER_WAS_TOO_OLD ||
s == ROUTER_IS_ALREADY_KNOWN ||
s == ROUTER_NOT_IN_CONSENSUS ||
s == ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS);
s == ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS ||
s == ROUTER_CERTS_EXPIRED);
}
/** Return true iff the outcome code in <b>s</b> indicates that the descriptor
* was flat-out rejected. */
@ -138,7 +140,8 @@ static INLINE int WRA_NEVER_DOWNLOADABLE(was_router_added_t s)
{
return (s == ROUTER_AUTHDIR_REJECTS ||
s == ROUTER_BAD_EI ||
s == ROUTER_WAS_TOO_OLD);
s == ROUTER_WAS_TOO_OLD ||
s == ROUTER_CERTS_EXPIRED);
}
was_router_added_t router_add_to_routerlist(routerinfo_t *router,
const char **msg,

View File

@ -24,8 +24,11 @@
#include "microdesc.h"
#include "networkstatus.h"
#include "rephist.h"
#include "routerkeys.h"
#include "routerparse.h"
#include "entrynodes.h"
#include "torcert.h"
#undef log
#include <math.h>
@ -69,6 +72,7 @@ typedef enum {
K_CLIENT_VERSIONS,
K_SERVER_VERSIONS,
K_OR_ADDRESS,
K_ID,
K_P,
K_P6,
K_R,
@ -83,6 +87,10 @@ typedef enum {
K_HIDDEN_SERVICE_DIR,
K_ALLOW_SINGLE_HOP_EXITS,
K_IPV6_POLICY,
K_ROUTER_SIG_ED25519,
K_IDENTITY_ED25519,
K_ONION_KEY_CROSSCERT,
K_NTOR_ONION_KEY_CROSSCERT,
K_DIRREQ_END,
K_DIRREQ_V2_IPS,
@ -293,6 +301,12 @@ static token_rule_t routerdesc_token_table[] = {
T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ),
T01("extra-info-digest", K_EXTRA_INFO_DIGEST, GE(1), NO_OBJ ),
T01("hidden-service-dir", K_HIDDEN_SERVICE_DIR, NO_ARGS, NO_OBJ ),
T01("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ),
T01("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ),
T01("onion-key-crosscert", K_ONION_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ),
T01("ntor-onion-key-crosscert", K_NTOR_ONION_KEY_CROSSCERT,
EQ(1), NEED_OBJ ),
T01("allow-single-hop-exits",K_ALLOW_SINGLE_HOP_EXITS, NO_ARGS, NO_OBJ ),
T01("family", K_FAMILY, ARGS, NO_OBJ ),
@ -310,6 +324,8 @@ static token_rule_t routerdesc_token_table[] = {
static token_rule_t extrainfo_token_table[] = {
T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ),
T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
T01("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ),
T01("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ),
T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ),
T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ),
@ -353,6 +369,7 @@ static token_rule_t rtrstatus_token_table[] = {
T01("v", K_V, CONCAT_ARGS, NO_OBJ ),
T01("w", K_W, ARGS, NO_OBJ ),
T0N("m", K_M, CONCAT_ARGS, NO_OBJ ),
T0N("id", K_ID, GE(2), NO_OBJ ),
T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
END_OF_TABLE
};
@ -490,6 +507,7 @@ static token_rule_t networkstatus_detached_signature_token_table[] = {
static token_rule_t microdesc_token_table[] = {
T1_START("onion-key", K_ONION_KEY, NO_ARGS, NEED_KEY_1024),
T01("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ),
T0N("id", K_ID, GE(2), NO_OBJ ),
T0N("a", K_A, GE(1), NO_OBJ ),
T01("family", K_FAMILY, ARGS, NO_OBJ ),
T01("p", K_P, CONCAT_ARGS, NO_OBJ ),
@ -506,6 +524,10 @@ static addr_policy_t *router_parse_addr_policy(directory_token_t *tok,
unsigned fmt_flags);
static addr_policy_t *router_parse_addr_policy_private(directory_token_t *tok);
static int router_get_hash_impl_helper(const char *s, size_t s_len,
const char *start_str,
const char *end_str, char end_c,
const char **start_out, const char **end_out);
static int router_get_hash_impl(const char *s, size_t s_len, char *digest,
const char *start_str, const char *end_str,
char end_char,
@ -637,7 +659,7 @@ router_get_extrainfo_hash(const char *s, size_t s_len, char *digest)
char *
router_get_dirobj_signature(const char *digest,
size_t digest_len,
crypto_pk_t *private_key)
const crypto_pk_t *private_key)
{
char *signature;
size_t i, keysize;
@ -858,8 +880,8 @@ check_signature_token(const char *digest,
tor_free(signed_digest);
return -1;
}
// log_debug(LD_DIR,"Signed %s hash starts %s", doctype,
// hex_str(signed_digest,4));
// log_debug(LD_DIR,"Signed %s hash starts %s", doctype,
// hex_str(signed_digest,4));
if (tor_memneq(digest, signed_digest, digest_len)) {
log_warn(LD_DIR, "Error reading %s: signature does not match.", doctype);
tor_free(signed_digest);
@ -1106,6 +1128,7 @@ router_parse_entry_from_string(const char *s, const char *end,
size_t prepend_len = prepend_annotations ? strlen(prepend_annotations) : 0;
int ok = 1;
memarea_t *area = NULL;
tor_cert_t *ntor_cc_cert = NULL;
/* Do not set this to '1' until we have parsed everything that we intend to
* parse that's covered by the hash. */
int can_dl_again = 0;
@ -1178,9 +1201,11 @@ router_parse_entry_from_string(const char *s, const char *end,
}
tok = find_by_keyword(tokens, K_ROUTER);
const int router_token_pos = smartlist_pos(tokens, tok);
tor_assert(tok->n_args >= 5);
router = tor_malloc_zero(sizeof(routerinfo_t));
router->cert_expiration_time = TIME_MAX;
router->cache_info.routerlist_index = -1;
router->cache_info.annotations_len = s-start_of_annotations + prepend_len;
router->cache_info.signed_descriptor_len = end-s;
@ -1311,6 +1336,147 @@ router_parse_entry_from_string(const char *s, const char *end,
log_warn(LD_DIR, "Couldn't calculate key digest"); goto err;
}
{
directory_token_t *ed_sig_tok, *ed_cert_tok, *cc_tap_tok, *cc_ntor_tok;
ed_sig_tok = find_opt_by_keyword(tokens, K_ROUTER_SIG_ED25519);
ed_cert_tok = find_opt_by_keyword(tokens, K_IDENTITY_ED25519);
cc_tap_tok = find_opt_by_keyword(tokens, K_ONION_KEY_CROSSCERT);
cc_ntor_tok = find_opt_by_keyword(tokens, K_NTOR_ONION_KEY_CROSSCERT);
int n_ed_toks = !!ed_sig_tok + !!ed_cert_tok +
!!cc_tap_tok + !!cc_ntor_tok;
if ((n_ed_toks != 0 && n_ed_toks != 4) ||
(n_ed_toks == 4 && !router->onion_curve25519_pkey)) {
log_warn(LD_DIR, "Router descriptor with only partial ed25519/"
"cross-certification support");
goto err;
}
if (ed_sig_tok) {
tor_assert(ed_cert_tok && cc_tap_tok && cc_ntor_tok);
const int ed_cert_token_pos = smartlist_pos(tokens, ed_cert_tok);
if (ed_cert_token_pos == -1 || router_token_pos == -1 ||
(ed_cert_token_pos != router_token_pos + 1 &&
ed_cert_token_pos != router_token_pos - 1)) {
log_warn(LD_DIR, "Ed25519 certificate in wrong position");
goto err;
}
if (ed_sig_tok != smartlist_get(tokens, smartlist_len(tokens)-2)) {
log_warn(LD_DIR, "Ed25519 signature in wrong position");
goto err;
}
if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
goto err;
}
if (strcmp(cc_ntor_tok->object_type, "ED25519 CERT")) {
log_warn(LD_DIR, "Wrong object type on ntor-onion-key-crosscert "
"in decriptor");
goto err;
}
if (strcmp(cc_tap_tok->object_type, "CROSSCERT")) {
log_warn(LD_DIR, "Wrong object type on onion-key-crosscert "
"in decriptor");
goto err;
}
if (strcmp(cc_ntor_tok->args[0], "0") &&
strcmp(cc_ntor_tok->args[0], "1")) {
log_warn(LD_DIR, "Bad sign bit on ntor-onion-key-crosscert");
goto err;
}
int ntor_cc_sign_bit = !strcmp(cc_ntor_tok->args[0], "1");
uint8_t d256[DIGEST256_LEN];
const char *signed_start, *signed_end;
tor_cert_t *cert = tor_cert_parse(
(const uint8_t*)ed_cert_tok->object_body,
ed_cert_tok->object_size);
if (! cert) {
log_warn(LD_DIR, "Couldn't parse ed25519 cert");
goto err;
}
router->signing_key_cert = cert; /* makes sure it gets freed. */
if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
! cert->signing_key_included) {
log_warn(LD_DIR, "Invalid form for ed25519 cert");
goto err;
}
ntor_cc_cert = tor_cert_parse((const uint8_t*)cc_ntor_tok->object_body,
cc_ntor_tok->object_size);
if (!ntor_cc_cert) {
log_warn(LD_DIR, "Couldn't parse ntor-onion-key-crosscert cert");
goto err;
}
if (ntor_cc_cert->cert_type != CERT_TYPE_ONION_ID ||
! ed25519_pubkey_eq(&ntor_cc_cert->signed_key, &cert->signing_key)) {
log_warn(LD_DIR, "Invalid contents for ntor-onion-key-crosscert cert");
goto err;
}
ed25519_public_key_t ntor_cc_pk;
if (ed25519_public_key_from_curve25519_public_key(&ntor_cc_pk,
router->onion_curve25519_pkey,
ntor_cc_sign_bit)<0) {
log_warn(LD_DIR, "Error converting onion key to ed25519");
goto err;
}
if (router_get_hash_impl_helper(s, end-s, "router ",
"\nrouter-sig-ed25519",
' ', &signed_start, &signed_end) < 0) {
log_warn(LD_DIR, "Can't find ed25519-signed portion of descriptor");
goto err;
}
crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA256);
crypto_digest_add_bytes(d, ED_DESC_SIGNATURE_PREFIX,
strlen(ED_DESC_SIGNATURE_PREFIX));
crypto_digest_add_bytes(d, signed_start, signed_end-signed_start);
crypto_digest_get_digest(d, (char*)d256, sizeof(d256));
crypto_digest_free(d);
ed25519_checkable_t check[3];
int check_ok[3];
if (tor_cert_get_checkable_sig(&check[0], cert, NULL) < 0) {
log_err(LD_BUG, "Couldn't create 'checkable' for cert.");
goto err;
}
if (tor_cert_get_checkable_sig(&check[1],
ntor_cc_cert, &ntor_cc_pk) < 0) {
log_err(LD_BUG, "Couldn't create 'checkable' for ntor_cc_cert.");
goto err;
}
if (ed25519_signature_from_base64(&check[2].signature,
ed_sig_tok->args[0])<0) {
log_warn(LD_DIR, "Couldn't decode ed25519 signature");
goto err;
}
check[2].pubkey = &cert->signed_key;
check[2].msg = d256;
check[2].len = DIGEST256_LEN;
if (ed25519_checksig_batch(check_ok, check, 3) < 0) {
log_warn(LD_DIR, "Incorrect ed25519 signature(s)");
goto err;
}
if (check_tap_onion_key_crosscert(
(const uint8_t*)cc_tap_tok->object_body,
(int)cc_tap_tok->object_size,
router->onion_pkey,
&cert->signing_key,
(const uint8_t*)router->cache_info.identity_digest)<0) {
log_warn(LD_DIR, "Incorrect TAP cross-verification");
goto err;
}
/* We check this before adding it to the routerlist. */
if (cert->valid_until < ntor_cc_cert->valid_until)
router->cert_expiration_time = cert->valid_until;
else
router->cert_expiration_time = ntor_cc_cert->valid_until;
}
}
if ((tok = find_opt_by_keyword(tokens, K_FINGERPRINT))) {
/* If there's a fingerprint line, it must match the identity digest. */
char d[DIGEST_LEN];
@ -1402,6 +1568,14 @@ router_parse_entry_from_string(const char *s, const char *end,
} else {
log_warn(LD_DIR, "Invalid extra info digest %s", escaped(tok->args[0]));
}
if (tok->n_args >= 2) {
if (digest256_from_base64(router->extra_info_digest256, tok->args[1])
< 0) {
log_warn(LD_DIR, "Invalid extra info digest256 %s",
escaped(tok->args[1]));
}
}
}
if (find_opt_by_keyword(tokens, K_HIDDEN_SERVICE_DIR)) {
@ -1437,6 +1611,7 @@ router_parse_entry_from_string(const char *s, const char *end,
routerinfo_free(router);
router = NULL;
done:
tor_cert_free(ntor_cc_cert);
if (tokens) {
SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
smartlist_free(tokens);
@ -1503,6 +1678,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
goto err;
}
/* XXXX Accept this in position 1 too, and ed identity in position 0. */
tok = smartlist_get(tokens,0);
if (tok->tp != K_EXTRA_INFO) {
log_warn(LD_DIR,"Entry does not start with \"extra-info\"");
@ -1515,6 +1691,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
extrainfo->cache_info.signed_descriptor_body = tor_memdup_nulterm(s,end-s);
extrainfo->cache_info.signed_descriptor_len = end-s;
memcpy(extrainfo->cache_info.signed_descriptor_digest, digest, DIGEST_LEN);
crypto_digest256((char*)extrainfo->digest256, s, end-s, DIGEST_SHA256);
tor_assert(tok->n_args >= 2);
if (!is_legal_nickname(tok->args[0])) {
@ -1537,6 +1714,87 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
goto err;
}
{
directory_token_t *ed_sig_tok, *ed_cert_tok;
ed_sig_tok = find_opt_by_keyword(tokens, K_ROUTER_SIG_ED25519);
ed_cert_tok = find_opt_by_keyword(tokens, K_IDENTITY_ED25519);
int n_ed_toks = !!ed_sig_tok + !!ed_cert_tok;
if (n_ed_toks != 0 && n_ed_toks != 2) {
log_warn(LD_DIR, "Router descriptor with only partial ed25519/"
"cross-certification support");
goto err;
}
if (ed_sig_tok) {
tor_assert(ed_cert_tok);
const int ed_cert_token_pos = smartlist_pos(tokens, ed_cert_tok);
if (ed_cert_token_pos != 1) {
/* Accept this in position 0 XXXX */
log_warn(LD_DIR, "Ed25519 certificate in wrong position");
goto err;
}
if (ed_sig_tok != smartlist_get(tokens, smartlist_len(tokens)-2)) {
log_warn(LD_DIR, "Ed25519 signature in wrong position");
goto err;
}
if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
goto err;
}
uint8_t d256[DIGEST256_LEN];
const char *signed_start, *signed_end;
tor_cert_t *cert = tor_cert_parse(
(const uint8_t*)ed_cert_tok->object_body,
ed_cert_tok->object_size);
if (! cert) {
log_warn(LD_DIR, "Couldn't parse ed25519 cert");
goto err;
}
extrainfo->signing_key_cert = cert; /* makes sure it gets freed. */
if (cert->cert_type != CERT_TYPE_ID_SIGNING ||
! cert->signing_key_included) {
log_warn(LD_DIR, "Invalid form for ed25519 cert");
goto err;
}
if (router_get_hash_impl_helper(s, end-s, "extra-info ",
"\nrouter-sig-ed25519",
' ', &signed_start, &signed_end) < 0) {
log_warn(LD_DIR, "Can't find ed25519-signed portion of extrainfo");
goto err;
}
crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA256);
crypto_digest_add_bytes(d, ED_DESC_SIGNATURE_PREFIX,
strlen(ED_DESC_SIGNATURE_PREFIX));
crypto_digest_add_bytes(d, signed_start, signed_end-signed_start);
crypto_digest_get_digest(d, (char*)d256, sizeof(d256));
crypto_digest_free(d);
ed25519_checkable_t check[2];
int check_ok[2];
if (tor_cert_get_checkable_sig(&check[0], cert, NULL) < 0) {
log_err(LD_BUG, "Couldn't create 'checkable' for cert.");
goto err;
}
if (ed25519_signature_from_base64(&check[1].signature,
ed_sig_tok->args[0])<0) {
log_warn(LD_DIR, "Couldn't decode ed25519 signature");
goto err;
}
check[1].pubkey = &cert->signed_key;
check[1].msg = d256;
check[1].len = DIGEST256_LEN;
if (ed25519_checksig_batch(check_ok, check, 2) < 0) {
log_warn(LD_DIR, "Incorrect ed25519 signature(s)");
goto err;
}
/* We don't check the certificate expiration time: checking that it
* matches the cert in the router descriptor is adequate. */
}
}
/* We've checked everything that's covered by the hash. */
can_dl_again = 1;
@ -2089,6 +2347,17 @@ routerstatus_parse_entry_from_string(memarea_t *area,
line->microdesc_hash_line = tor_strdup(t->args[0]);
vote_rs->microdesc = line;
}
if (t->tp == K_ID) {
tor_assert(t->n_args >= 2);
if (!strcmp(t->args[0], "ed25519")) {
vote_rs->has_ed25519_listing = 1;
if (strcmp(t->args[1], "none") &&
digest256_from_base64((char*)vote_rs->ed25519_id, t->args[1])<0) {
log_warn(LD_DIR, "Bogus ed25519 key in networkstatus vote");
goto err;
}
}
}
} SMARTLIST_FOREACH_END(t);
} else if (flav == FLAV_MICRODESC) {
tok = find_opt_by_keyword(tokens, K_M);
@ -2913,6 +3182,21 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
goto err;
}
}
if (ns_type != NS_TYPE_CONSENSUS) {
digest256map_t *ed_id_map = digest256map_new();
SMARTLIST_FOREACH_BEGIN(ns->routerstatus_list, vote_routerstatus_t *, vrs) {
if (! vrs->has_ed25519_listing ||
tor_mem_is_zero((const char *)vrs->ed25519_id, DIGEST256_LEN))
continue;
if (digest256map_get(ed_id_map, vrs->ed25519_id) != NULL) {
log_warn(LD_DIR, "Vote networkstatus ed25519 identities were not "
"unique");
goto err;
}
digest256map_set(ed_id_map, vrs->ed25519_id, (void*)1);
} SMARTLIST_FOREACH_END(vrs);
digest256map_free(ed_id_map, NULL);
}
/* Parse footer; check signature. */
footer_tokens = smartlist_new();
@ -4210,6 +4494,26 @@ microdescs_parse_from_string(const char *s, const char *eos,
tor_memdup(&k, sizeof(curve25519_public_key_t));
}
smartlist_t *id_lines = find_all_by_keyword(tokens, K_ID);
if (id_lines) {
SMARTLIST_FOREACH_BEGIN(id_lines, directory_token_t *, t) {
tor_assert(t->n_args >= 2);
if (!strcmp(t->args[0], "ed25519")) {
if (md->ed25519_identity_pkey) {
log_warn(LD_DIR, "Extra ed25519 key in microdesc");
goto next;
}
ed25519_public_key_t k;
if (ed25519_public_from_base64(&k, t->args[1])<0) {
log_warn(LD_DIR, "Bogus ed25519 key in microdesc");
goto next;
}
md->ed25519_identity_pkey = tor_memdup(&k, sizeof(k));
}
} SMARTLIST_FOREACH_END(t);
smartlist_free(id_lines);
}
{
smartlist_t *a_lines = find_all_by_keyword(tokens, K_A);
if (a_lines) {

View File

@ -19,7 +19,7 @@ int router_get_extrainfo_hash(const char *s, size_t s_len, char *digest);
#define DIROBJ_MAX_SIG_LEN 256
char *router_get_dirobj_signature(const char *digest,
size_t digest_len,
crypto_pk_t *private_key);
const crypto_pk_t *private_key);
int router_append_dirobj_signature(char *buf, size_t buf_len,
const char *digest,
size_t digest_len,
@ -91,5 +91,7 @@ STATIC int routerstatus_parse_guardfraction(const char *guardfraction_str,
routerstatus_t *rs);
#endif
#define ED_DESC_SIGNATURE_PREFIX "Tor router descriptor signature v1"
#endif

280
src/or/torcert.c Normal file
View File

@ -0,0 +1,280 @@
/* Copyright (c) 2014, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "crypto.h"
#include "torcert.h"
#include "ed25519_cert.h"
#include "torlog.h"
#include "util.h"
#include "compat.h"
#include "link_handshake.h"
/** Helper for tor_cert_create(): signs any 32 bytes, not just an ed25519
* key.
*/
static tor_cert_t *
tor_cert_sign_impl(const ed25519_keypair_t *signing_key,
uint8_t cert_type,
uint8_t signed_key_type,
const uint8_t signed_key_info[32],
time_t now, time_t lifetime,
uint32_t flags)
{
tor_cert_t *torcert = NULL;
ed25519_cert_t *cert = ed25519_cert_new();
cert->cert_type = cert_type;
cert->exp_field = (uint32_t) CEIL_DIV(now + lifetime, 3600);
cert->cert_key_type = signed_key_type;
memcpy(cert->certified_key, signed_key_info, 32);
if (flags & CERT_FLAG_INCLUDE_SIGNING_KEY) {
ed25519_cert_extension_t *ext = ed25519_cert_extension_new();
ext->ext_type = CERTEXT_SIGNED_WITH_KEY;
memcpy(ext->un_signing_key, signing_key->pubkey.pubkey, 32);
ed25519_cert_add_ext(cert, ext);
++cert->n_extensions;
}
const ssize_t alloc_len = ed25519_cert_encoded_len(cert);
tor_assert(alloc_len > 0);
uint8_t *encoded = tor_malloc(alloc_len);
const ssize_t real_len = ed25519_cert_encode(encoded, alloc_len, cert);
if (real_len < 0)
goto err;
tor_assert(real_len == alloc_len);
tor_assert(real_len > ED25519_SIG_LEN);
uint8_t *sig = encoded + (real_len - ED25519_SIG_LEN);
tor_assert(tor_mem_is_zero((char*)sig, ED25519_SIG_LEN));
ed25519_signature_t signature;
if (ed25519_sign(&signature, encoded,
real_len-ED25519_SIG_LEN, signing_key)<0) {
log_warn(LD_BUG, "Can't sign certificate");
goto err;
}
memcpy(sig, signature.sig, ED25519_SIG_LEN);
torcert = tor_cert_parse(encoded, real_len);
if (! torcert) {
log_warn(LD_BUG, "Generated a certificate we cannot parse");
goto err;
}
if (tor_cert_checksig(torcert, &signing_key->pubkey, now) < 0) {
log_warn(LD_BUG, "Generated a certificate whose signature we can't check");
goto err;
}
tor_free(encoded);
return torcert;
err:
tor_cert_free(torcert);
ed25519_cert_free(cert);
tor_free(encoded);
return NULL;
}
/**
* Create and return a new new certificate of type <b>cert_type</b> to
* authenticate <b>signed_key</b> using the key <b>signing_key</b>. The
* certificate should remain valid for at least <b>lifetime</b> seconds after
* <b>now</b>.
*
* If CERT_FLAG_INCLUDE_SIGNING_KEY is set in <b>flags</b>, embed
* the public part of <b>signing_key</b> in the certificate.
*/
tor_cert_t *
tor_cert_create(const ed25519_keypair_t *signing_key,
uint8_t cert_type,
const ed25519_public_key_t *signed_key,
time_t now, time_t lifetime,
uint32_t flags)
{
return tor_cert_sign_impl(signing_key, cert_type,
SIGNED_KEY_TYPE_ED25519, signed_key->pubkey,
now, lifetime, flags);
}
/** Release all storage held for <b>cert</>. */
void
tor_cert_free(tor_cert_t *cert)
{
if (! cert)
return;
if (cert->encoded)
memwipe(cert->encoded, 0, cert->encoded_len);
tor_free(cert->encoded);
memwipe(cert, 0, sizeof(tor_cert_t));
tor_free(cert);
}
/** Parse a certificate encoded with <b>len</b> bytes in <b>encoded</b>. */
tor_cert_t *
tor_cert_parse(const uint8_t *encoded, const size_t len)
{
tor_cert_t *cert = NULL;
ed25519_cert_t *parsed = NULL;
ssize_t got_len = ed25519_cert_parse(&parsed, encoded, len);
if (got_len < 0 || (size_t) got_len != len)
goto err;
cert = tor_malloc_zero(sizeof(tor_cert_t));
cert->encoded = tor_memdup(encoded, len);
cert->encoded_len = len;
memcpy(cert->signed_key.pubkey, parsed->certified_key, 32);
cert->valid_until = parsed->exp_field * 3600;
cert->cert_type = parsed->cert_type;
for (unsigned i = 0; i < ed25519_cert_getlen_ext(parsed); ++i) {
ed25519_cert_extension_t *ext = ed25519_cert_get_ext(parsed, i);
if (ext->ext_type == CERTEXT_SIGNED_WITH_KEY) {
if (cert->signing_key_included)
goto err;
cert->signing_key_included = 1;
memcpy(cert->signing_key.pubkey, ext->un_signing_key, 32);
} else if (ext->ext_flags & CERTEXT_FLAG_AFFECTS_VALIDATION) {
/* Unrecognized extension with affects_validation set */
goto err;
}
}
return cert;
err:
ed25519_cert_free(parsed);
tor_cert_free(cert);
return NULL;
}
/** Fill in <b>checkable_out</b> with the information needed to check
* the signature on <b>cert</b> with <b>pubkey</b>. */
int
tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out,
const tor_cert_t *cert,
const ed25519_public_key_t *pubkey)
{
if (! pubkey) {
if (cert->signing_key_included)
pubkey = &cert->signing_key;
else
return -1;
}
checkable_out->msg = cert->encoded;
checkable_out->pubkey = pubkey;
tor_assert(cert->encoded_len > ED25519_SIG_LEN);
const size_t signed_len = cert->encoded_len - ED25519_SIG_LEN;
checkable_out->len = signed_len;
memcpy(checkable_out->signature.sig,
cert->encoded + signed_len, ED25519_SIG_LEN);
return 0;
}
/** Validates the signature on <b>cert</b> with <b>pubkey</b> relative to
* the current time <b>now</b>. Return 0 on success, -1 on failure.
* Sets flags in <b>cert</b> as appropriate.
*/
int
tor_cert_checksig(tor_cert_t *cert,
const ed25519_public_key_t *pubkey, time_t now)
{
ed25519_checkable_t checkable;
int okay;
if (now > cert->valid_until) {
cert->cert_expired = 1;
return -1;
}
if (tor_cert_get_checkable_sig(&checkable, cert, pubkey) < 0)
return -1;
if (ed25519_checksig_batch(&okay, &checkable, 1) < 0) {
cert->sig_bad = 1;
return -1;
} else {
cert->sig_ok = 1;
memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, 32);
cert->cert_valid = 1;
return 0;
}
}
/** Return a new copy of <b>cert</b> */
tor_cert_t *
tor_cert_dup(const tor_cert_t *cert)
{
tor_cert_t *newcert = tor_memdup(cert, sizeof(tor_cert_t));
if (cert->encoded)
newcert->encoded = tor_memdup(cert->encoded, cert->encoded_len);
return newcert;
}
/** Return true iff cert1 and cert2 are the same cert. */
int
tor_cert_eq(const tor_cert_t *cert1, const tor_cert_t *cert2)
{
tor_assert(cert1);
tor_assert(cert2);
return cert1->encoded_len == cert2->encoded_len &&
tor_memeq(cert1->encoded, cert2->encoded, cert1->encoded_len);
}
/** Return true iff cert1 and cert2 are the same cert, or if they are both
* NULL. */
int
tor_cert_opt_eq(const tor_cert_t *cert1, const tor_cert_t *cert2)
{
if (cert1 == NULL && cert2 == NULL)
return 1;
if (!cert1 || !cert2)
return 0;
return tor_cert_eq(cert1, cert2);
}
/** Create new cross-certification object to certify <b>ed_key</b> as the
* master ed25519 identity key for the RSA identity key <b>rsa_key</b>.
* Allocates and stores the encoded certificate in *<b>cert</b>, and returns
* the number of bytes stored. Returns negative on error.*/
ssize_t
tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
const crypto_pk_t *rsa_key,
time_t expires,
uint8_t **cert)
{
uint8_t *res;
rsa_ed_crosscert_t *cc = rsa_ed_crosscert_new();
memcpy(cc->ed_key, ed_key->pubkey, ED25519_PUBKEY_LEN);
cc->expiration = (uint32_t) CEIL_DIV(expires, 3600);
cc->sig_len = crypto_pk_keysize(rsa_key);
rsa_ed_crosscert_setlen_sig(cc, crypto_pk_keysize(rsa_key));
ssize_t alloc_sz = rsa_ed_crosscert_encoded_len(cc);
tor_assert(alloc_sz > 0);
res = tor_malloc_zero(alloc_sz);
ssize_t sz = rsa_ed_crosscert_encode(res, alloc_sz, cc);
tor_assert(sz > 0 && sz <= alloc_sz);
const int signed_part_len = 32 + 4;
int siglen = crypto_pk_private_sign(rsa_key,
(char*)rsa_ed_crosscert_getarray_sig(cc),
rsa_ed_crosscert_getlen_sig(cc),
(char*)res, signed_part_len);
tor_assert(siglen > 0 && siglen <= (int)crypto_pk_keysize(rsa_key));
tor_assert(siglen <= UINT8_MAX);
cc->sig_len = siglen;
rsa_ed_crosscert_setlen_sig(cc, siglen);
sz = rsa_ed_crosscert_encode(res, alloc_sz, cc);
rsa_ed_crosscert_free(cc);
*cert = res;
return sz;
}

76
src/or/torcert.h Normal file
View File

@ -0,0 +1,76 @@
/* Copyright (c) 2014, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TORCERT_H_INCLUDED
#define TORCERT_H_INCLUDED
#include "crypto_ed25519.h"
#define SIGNED_KEY_TYPE_ED25519 0x01
#define CERT_TYPE_ID_SIGNING 0x04
#define CERT_TYPE_SIGNING_LINK 0x05
#define CERT_TYPE_SIGNING_AUTH 0x06
#define CERT_TYPE_ONION_ID 0x0A
#define CERT_FLAG_INCLUDE_SIGNING_KEY 0x1
/** An ed25519-signed certificate as used throughout the Tor protocol.
**/
typedef struct tor_cert_st {
/** The key authenticated by this certificate */
ed25519_public_key_t signed_key;
/** The key that signed this certificate. This value may be unset if the
* certificate has never been checked, and didn't include its own key. */
ed25519_public_key_t signing_key;
/** A time after which this certificate will no longer be valid. */
time_t valid_until;
/** The encoded representation of this certificate */
uint8_t *encoded;
/** The length of <b>encoded</b> */
size_t encoded_len;
/** One of CERT_TYPE_... */
uint8_t cert_type;
/** True iff we received a signing key embedded in this certificate */
unsigned signing_key_included : 1;
/** True iff we checked the signature and found it bad */
unsigned sig_bad : 1;
/** True iff we checked the signature and found it correct */
unsigned sig_ok : 1;
/** True iff we checked the signature and first found that the cert
* had expired */
unsigned cert_expired : 1;
/** True iff we checked the signature and found the whole cert valid */
unsigned cert_valid : 1;
} tor_cert_t;
tor_cert_t *tor_cert_create(const ed25519_keypair_t *signing_key,
uint8_t cert_type,
const ed25519_public_key_t *signed_key,
time_t now, time_t lifetime,
uint32_t flags);
tor_cert_t *tor_cert_parse(const uint8_t *cert, size_t certlen);
void tor_cert_free(tor_cert_t *cert);
int tor_cert_get_checkable_sig(ed25519_checkable_t *checkable_out,
const tor_cert_t *out,
const ed25519_public_key_t *pubkey);
int tor_cert_checksig(tor_cert_t *cert,
const ed25519_public_key_t *pubkey, time_t now);
tor_cert_t *tor_cert_dup(const tor_cert_t *cert);
int tor_cert_eq(const tor_cert_t *cert1, const tor_cert_t *cert2);
int tor_cert_opt_eq(const tor_cert_t *cert1, const tor_cert_t *cert2);
ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
const crypto_pk_t *rsa_key,
time_t expires,
uint8_t **cert);
#endif

View File

@ -190,3 +190,236 @@ static const char EX_EI_BAD_PUBLISHED_KEY[] =
"BvG6303md3INygg+KP49RvWEJR/cU4RZ9QfHpORxH2OocMyRedw2rLex2E7jNNSi\n"
"52yd1sHFYI8ZQ4aff+ZHUjJUGKRyqpbc8okVbq/Rl7vug0dd12eHAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n";
static const char EX_EI_GOOD_ED_EI[] =
"extra-info emma A692FE045C32B5E3A54B52882EF678A9DAC46A73\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AYgHn/OKR8GHBlscN5VkO73wA9jSci8QgTM30615ZT44AQAgBAC08woT\n"
"MBZpKzRcaoEJhEG7+RmuYtnB2+nODk9IRIs8ZoyYPTZ6dLzI+MLMmtzUuo/Wmvw0\n"
"PflTyCb2RlWitOEhAErWH3Z9UmYGnzM/COId0Fe3ScSriyvRoFnJY1+GVAQ=\n"
"-----END ED25519 CERT-----\n"
"published 2014-10-05 20:07:00\n"
"router-sig-ed25519 a7K8nwfg+HrdlSGQwr9rnLBq0qozkyZZs6d6aiLEiXGdhV1r9KJncmlQ5SNoY/zMQlyQm8EV5rCyBiVliKQ1Bw\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"GvmCmIGgbC1DeawRyRuChy62VmBOG0EviryG/a2qSZiFy0iPPwqSp5ZyZDQEIEId\n"
"kkk1zPzK1+S3fmgOAXyXGH0r4YFkoLGnhMk07BoEwi6HEXzjJsabmcNkOHfaOWgs\n"
"/5nvnLfcmxL4c6FstZ7t9VQpE06y3GU0zwBeIy1qjp0=\n"
"-----END SIGNATURE-----\n"
"\n"
"\n"
;
const char EX_EI_GOOD_ED_EI_FP[] = "A692FE045C32B5E3A54B52882EF678A9DAC46A73";
static const char EX_EI_GOOD_ED_EI_KEY[] =
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAM3jdYwjwGxDWYj/vyFkQT7RgeCNIn89Ei6D2+L/fdtFnqrMXOreFFHL\n"
"C7CK2v2uN3v+uXxfb5lADz3NcalxJrCfGTGtaBk7PwMZraTSh2luFKOvSRBQCmB1\n"
"yD5N0QqnIhBJoGr6NITpbWyiTKWvYLjl9PZd9af8e8jQCAa5P1j1AgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
;
static const char EX_EI_ED_MISSING_SIG[] =
"extra-info rachel 2A7521497B91A8437021515308A47491164EDBA1\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AT2/T71LFYHiI1ppwNiuaewIu2Hq+GWWQ85O8gpWcUxeAQAgBAC2dgYu\n"
"moxhtuip7GVlthT9iomZKba1IllVa7uE1u2uO9BUYZQWXciFt7OnNzMH5mlffwxB\n"
"1dWCl+G5nbOsV5jYLbfhrF5afZotf+EQTfob4cCH79AV223LPcySbTHTtQ4=\n"
"-----END ED25519 CERT-----\n"
"published 2014-10-05 20:07:00\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"oypRD2IZQ5EttOE8dvofrW80nnBfijSkvYzBrM6H4KVeayRYvWfmi96dYO6ybMqm\n"
"Yp7Gs3ngqeeNdfHtkRPuQVUXUGYZgBTvYItuagnFlFgRqaHy0knwUIVOL35eqWYx\n"
"xSbQKA7fglxEDMFs/RK7FRP4dWc731ZMt5wzzfJHZ8E=\n"
"-----END SIGNATURE-----\n"
"\n"
"\n"
;
const char EX_EI_ED_MISSING_SIG_FP[] = "2A7521497B91A8437021515308A47491164EDBA1";
static const char EX_EI_ED_MISSING_SIG_KEY[] =
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAOOB8ccxbtk2dB5FuKFhGndDcO6STNjB6KiG0b9X2QwKrOZMfmXSigto\n"
"mtC1JfPTxECayRjLSiP/9UD8iTVvlcnc8mMWBGM12Pa/KoCZRn7McHI3JJ7n9lfn\n"
"qw9+iZ9b/rBimzOb3W6k3uxzg9r8secdq4jJwTnwSjTObgxZtC8/AgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
;
static const char EX_EI_ED_MISSING_CERT[] =
"extra-info lynne E88E43E86015345A323D93D825C33E4AD1028F65\n"
"published 2014-10-05 20:07:00\n"
"router-sig-ed25519 H4gKIKm5K9Pfkriy7SlMUD6BdYVp6B5mXKzR/rTyYlpH0tEZ4Fx2hlHNfNNdWXJieXzKZQZo8e7SOVzvrAC3CQ\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"dIrbQjK5T9t5KM8CpsMF85hh2i060oPIxzYQMgE1q4j99dtb/n7SE8nhj1Sjij4D\n"
"7JvTjGdLHi3bFSxXaSmla0wxD9PUYFN7VsBQmwSaDrqrzJFb1SGwZuzW1IEZ7BBi\n"
"H0czsxEteg5hcNRwISj5WVthuWmau9v13MijtZGSK40=\n"
"-----END SIGNATURE-----\n"
"\n"
"\n"
"\n"
;
const char EX_EI_ED_MISSING_CERT_FP[] = "E88E43E86015345A323D93D825C33E4AD1028F65";
static const char EX_EI_ED_MISSING_CERT_KEY[] =
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBALjA/geb0TR9rp/UPvLhABQpB0XUDYuZAnLkrv+i7AAV7FemTDveEGnc\n"
"XdXNSusO1mHOquvr0YYKPhwauInxD56S8QOzLYiWWajGq8XHARQ33b4/9K2TUrAx\n"
"W9HTHV1U1zrPlCJtrkbjxsYoHpUg5ljzM7FGYGY5xuvyHu18SQvzAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
;
static const char EX_EI_ED_BAD_CERT1[] =
"extra-info marcie F78D8A655607D32281D02144817A4F1D26AE520F\n"
"identity-ed25519\n"
"-----BEGIN PLAGICAL SPELL-----\n"
"aaaa\n"
"-----END PLAGICAL SPELL\n"
"published 2014-10-05 20:07:00\n"
"router-sig-ed25519 KQJ+2AH7EkkjrD0RtDtUAIr+Vc7wndwILYnoUxFLSJiTP+5fMi54eFF/f1OgkG8gYyTh8phMij9WOxK/dsOpBg\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"XWD+P25AH6moi79j20Si3hqKGcJDws+FORL1MTu+GeJLV1mp5CR9N83UH4ffulcL\n"
"CpSSBDL/j74HqapzW7QvBx3FilaNT55GvcobZDFK4TKkCEyEmcuWKpEceBS7JTTV\n"
"SvwZeOObTjWPafELbsc/gI9Rh5Idwu7mZt3ZVntCGaQ=\n"
"-----END SIGNATURE-----\n"
"\n"
;
const char EX_EI_ED_BAD_CERT1_FP[] = "F78D8A655607D32281D02144817A4F1D26AE520F";
static const char EX_EI_ED_BAD_CERT1_KEY[] =
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMlR46JhxsCmWYtmIB/JjTV2TUYIhJLmHy+X7FfkK3ZVQvvl9/3GSXFL\n"
"3USfyf3j34XLh8An7pJBi9LAHkIXgnRbglCud7dXoexabmC+c2mSbw5RnuxDGEwz\n"
"krXUph/r2b+2UY1CgEt28nFigaHrIQbCmF4szFX/2GPYCLi5SrRNAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
;
static const char EX_EI_ED_BAD_CERT2[] =
"extra-info jaeger 7C2B42E783C4E0EB0CC3BDB37385D16737BACFBD\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf55Acpw27GZBdwGCgawCj2F/DPadt8F/9DnEWywEew1Yi3qAOtLpCB8KXL7\n"
"4w5deFW2RBg8qTondNSUvAmwYLbLjNXMmgA3+nkoJOP3fcmQMHz1jm5xzgs2lCVP\n"
"t5txApaBIA4=\n"
"-----END ED25519 CERT-----\n"
"published 2014-10-05 20:07:00\n"
"router-sig-ed25519 DRQ4MLOGosBbW8M+17klNu8uWVkPxErmmEYoSo6OuH2Tzrcs6sUY+8Xi2qLoV1SbOugJ214Htl0I+6ceag+vBA\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"DfdA+DbuN9nVJNujuSY5wNCDLk7Hfzkrde/sK0hVmZRvivtpF/Fy/dVQHHGNFY5i\n"
"L1cESAgq9HLdbHU+hcc08XXxTIaGwvoklcJClcG3ENVBWkTXbJNT+ifr7chEagIi\n"
"cVrtU6RVmzldSbyir8V/Z4S/Cm67gYAgjM5gfoFUqDs=\n"
"-----END SIGNATURE-----\n"
;
const char EX_EI_ED_BAD_CERT2_FP[] = "7C2B42E783C4E0EB0CC3BDB37385D16737BACFBD";
static const char EX_EI_ED_BAD_CERT2_KEY[] =
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBALAM1F/0XJEsbxIQqb3+ObX/yGVnq9of8Q9sLsmxffD6hwVpCqnV3lTg\n"
"iC6+xZ/bSlTGLPi0k8QLCaTmYxgKwmlMPpbQZ4kpZUrsb9flKdChMN7w8hd48pY9\n"
"lu8QiAEgErsl5rCCJIHHjrxxM/Cnd0TnedRnj/Z2YqpNx/ggsmsRAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
;
static const char EX_EI_ED_BAD_SIG1[] =
"extra-info vary 5AC3A538FEEFC6F9FCC5FA0CE64704396C30D62A\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AbPp++GrRb6WphSu+PkMaYsqY/beiLBmtiV3YP5i2JkKAQAgBABKXjg1\n"
"aiz2JfQpNOG308i2EojnUAZEk0C0x9g2BAAXGL63sv3eO/qrlytsG1x2hkcamxFn\n"
"LmfZBb/prqe1Vy4wABuhqWHAUtM29vXR6lpiCJeddt9Pa8XVy/tgWLX6TAw=\n"
"-----END ED25519 CERT-----\n"
"published 2014-10-05 20:07:00\n"
"router-sig-ed25519 a7K8nwfg+HrdlSGQwr9rnLBq0qozkyZZs6d6aiLEiXGdhV1r9KJncmlQ5SNoY/zMQlyQm8EV5rCyBiVliKQ1Bw\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"xhZX8Qmgft51NJ7eMd4vrESzf/VdxDrBz7hgn8K+5bLtZUksG0s6s7IyGRYWQtp4\n"
"/7oc9sYe3lcQiUN2K7DkeBDlL8Pcsl8aIlKuujWomCE3j0TIu+8XK6oJeo7eYic+\n"
"IA7EwVbdZsKsW5/eJVzbX2eO0a5zyJ5RIYotFNYNCSE=\n"
"-----END SIGNATURE-----\n"
"\n"
;
const char EX_EI_ED_BAD_SIG1_FP[] = "5AC3A538FEEFC6F9FCC5FA0CE64704396C30D62A";
static const char EX_EI_ED_BAD_SIG1_KEY[] =
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMvb6SuoIkPfBkJgQuo5aQDepAs1kEETZ9VXotMlhB0JJikrqBrAAz+7\n"
"rjIJ4JsBaeQuN0Z5ksXk2ebxtef7oMIUs37NfekLQHbNR0VsXkFXPEGmOAqpZjW0\n"
"P524eHqybWYZTckvZtUvKI3xYGD6kEEkz4qmV6dcExU1OiAYO9jrAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
;
static const char EX_EI_ED_BAD_SIG2[] =
"extra-info coward 7F1D4DD477E340C6D6B389FAC26EDC746113082F\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf56AZkSDiFZ1QaiLJhcKdFDE5Kei/sPaPEIEoPMGP4BvOVXAQAgBAAlRLzx\n"
"U029tgIL9BRe47MVgcPJGy48db6ntzhjil7iOnWKT70z2LorUD5CZoLJs72TjB6r\n"
"8+HYNyFLEM6dvytWZf9NA5gLdhogbFcUk/R3gbNepmCF7XoZjbhPIp8zOwg=\n"
"-----END ED25519 CERT-----\n"
"published 2014-10-05 20:07:00\n"
"router-sig-ed25519 yfV+GySMIP1fw1oVa1C1de4XOWBqT4pUtEmSHq1h+WrLBNCh3/HZWvNC/denf2YVntuQrMLCJEv5ZaFKU+AIDQ\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"g+BWq69i9CP19va2cYMAXCQ6jK3IG0VmNYspjjUFgmFpJKGG6bHeOkuy1GXp47fG\n"
"LzZ3OPfJLptxU5AOQDUUYf25hu9uSl6gyknCzsszFs5n6ticuNejvcpzw6UfO1LP\n"
"5u+mGJlgpcMtmSraImDZrRipmZ3oRWvEULltlvzGQcQ=\n"
"-----END SIGNATURE-----\n"
"\n"
;
const char EX_EI_ED_BAD_SIG2_FP[] = "7F1D4DD477E340C6D6B389FAC26EDC746113082F";
static const char EX_EI_ED_BAD_SIG2_KEY[] =
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBALzOyfCEUZnvCyhlyMctPkdXg/XRE3Cr6QgyzdKf5kQbUiu2n0FgSHOX\n"
"iP5gfq8sO9eVeTPZtjE7/+KiR8aQJECy+eoye+lpsfm3tXpLxnpOIgL4DlURxlo/\n"
"rfCyv30SYBN9j62qgU9m6U2ydI0tH7/9Ep8yIY/QL8me8VAjLbf/AgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
;
static const char EX_EI_ED_MISPLACED_CERT[] =
"extra-info msselene 3B788BD0CE348BC5CED48313307C78175EB6D0F3\n"
"published 2014-10-05 20:07:00\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AWBcqjzLESDuLNGsqQ/tHn32XueXwj2fDlgEy/kQNVf/AQAgBAAFOegg\n"
"XY1LR82xE9ohAYJxYpwJJw0YfXsBhGHqfakEoBtSgFJ3cQAUXZQX4lX6G8IxAlQB\n"
"7Rj7dPQuQRUmqD1yyKb/ScBgCa8esxlhNlATz47kRNR38A3TcoJ4c1Zv6AE=\n"
"-----END ED25519 CERT-----\n"
"router-sig-ed25519 Q52JKH9/iMsr1jIPlWHHxakSBvyqjT1gzL944vad4OhzCZuNuAYGWyWSGzTb1DVmBqqbAUq73TiZKAz77YLNCQ\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"YplvAIwExGf5/L8AoroVQXtGm+26EffrxKBArMKn0zS1NOOie1p0oF/+qJg+rNWU\n"
"6cv3Anf188EXGlkUOddavgVH8CQbvve2nHSfIAPxjgEX9QNXbM5CiaMwgpCewXnF\n"
"UoNBVo5tydeLHVns15MBg/JNIxUQMd6svMoPp2WqmaE=\n"
"-----END SIGNATURE-----\n"
"\n"
;
const char EX_EI_ED_MISPLACED_CERT_FP[] = "3B788BD0CE348BC5CED48313307C78175EB6D0F3";
static const char EX_EI_ED_MISPLACED_CERT_KEY[] =
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBALTwNqhTprg1oC6bEbDqwIYBoER6prqUXQFbwbFDn+ekXhZj8vltgGwp\n"
"aDGl9ceZWDKfi+reR6rZXjAJGctmv0VHkfe7maUX4FC/d2T8N8DvS+3IvJzFMpbT\n"
"O0fFrDTrCSnPikqFfQWnlP8yoF5vO7wo0jRRY432fLRXg9WqVzdrAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
;
static const char EX_EI_ED_MISPLACED_SIG[] =
"extra-info grazie 384E40A5DEED4AB1D8A74F1FCBDB18B7C24A8284\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AcGuIBoa6TBqD8Gg5atcwp/+r9ThxIBkULmPv9OSGhv+AQAgBACXH13y\n"
"mUvdpcN6oRN1nX6mnH40LyfYR5um8xogJZk3oINse5cRNrfMgVWiBpDlJZAwlDDa\n"
"lx99hzuZBong+CiOcnEvLMsBaVJmNTm5mpdetYclZpl0g8QEXznXXeRBMgM=\n"
"-----END ED25519 CERT-----\n"
"router-sig-ed25519 TxuO86dQ3pUaIY2raQ3hoDBmh4TTPC0OVgY98T5cf6Y+sHyiELCkkKQ3lqqXCjqnbTLr1/4riH980JoWPpR+Dw\n"
"published 2014-10-05 20:07:00\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"kV2CtArl1VF1nUSyHL00mO3nEdNxlQU5N7/hZNTd+45lej5Veb+6vb4ujelsFERJ\n"
"YoxwIs6SuKAR4orQytCL0e+GgZsrg8zGTveEtMX/+u//OcCwQBYEevR5duBZjVw/\n"
"yzpEHwdIdB2PPyDBLkf1VKnP7uDj059tXiQRWl7LXgE=\n"
"-----END SIGNATURE-----\n"
"\n"
;
const char EX_EI_ED_MISPLACED_SIG_FP[] = "384E40A5DEED4AB1D8A74F1FCBDB18B7C24A8284";
static const char EX_EI_ED_MISPLACED_SIG_KEY[] =
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAK0HgOCG/6433VCrwz/vhk3cKmyOfenCp0GZ4DIUwPWt4DeyP4nTbN6T\n"
"1HJ1H8+hXC9bMuI4m43IWrzgLycQ9UaskUn372ZjHP9InPqHMJU6GQ7vZUe9Tgza\n"
"qnBdRPoxnrZzUOzlvatGrePt0hDiOZaMtDAkeEojFp9Wp2ZN7+tZAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
;

View File

@ -666,3 +666,904 @@ static const char EX_RI_ZERO_ORPORT[] =
"wgFKhHI/49NHyWHX5IMQpeicg0T7Qa6qwnUvspH62p8=\n"
"-----END SIGNATURE-----\n"
;
static const char EX_RI_MINIMAL_ED[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf5iAa+2yD5ryD5kXaWbpmzaTyuTjRfjMTFleDuFGkHe26wrAQAgBABFTAHm\n"
"hdZriC+6BRCCMYu48cYc9tUN1adfEROqSHZN3HHP4k/fYgncoxrS3OYDX1x8Ysm/\n"
"sqxAXBY4NhCMswWvuDYgtQpro9YaFohiorJkHjyLQXjUeZikCfDrlxyR8AM=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAOsjlHgM/lPQgjJyfrq0y+cR+iipcAeS2HAU8CK9SATETOTZYrxoL5vH\n"
"1BNteT+JxAxpjva+j7r7XZV41xPDx7alVr8G3zQsjqkAt5NnleTfUREUbg0+OSMV\n"
"10gU+DgcZJTMehfGYJnuJsF4eQHio/ZTdJLaZML7qwq0iWg3sZfBAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAK9NjRY7GtAZnlxrAZlImChXmGzml0uk2KlCugvju+eIsjSA/zW3LuqW\n"
"wqp7Kh488Ak5nUFSlCaV9GjAexT134pynst8P0m/ofrejwlzl5DHd6sFbR33Fkzl\n"
"H48zic0QDY+8tKXI732dA4GveEwZDlxxy8sPcvUDaVyTsuZLHR4zAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key 71DgscFrk4i58O5GuTerI9g3JL0kz+6QaCstAllz9xw=\n"
"ntor-onion-key-crosscert 1\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf5iAUVMAeaF1muIL7oFEIIxi7jxxhz21Q3Vp18RE6pIdk3cAH5ijeKqa+LM\n"
"T5Nb0I42Io4Z7BVjXG7sYVSxrospCOI4dqkl2ln3BKNuEFFT42xJwt+XGz3aMyK2\n"
"Cpp8w8I8nwU=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"lAZwD6YVic61NvJ0Iy62cSPuzJl5hJOFYNh9iSG/vn4/lVfnnCik+Gqi2v9pwItC\n"
"acwmutCSrMprmmFAW1dgzoU7GzUtdbxaGaOJdg8WwtO4JjFSzScTDB8R6sp0SCAI\n"
"PdbzAzJyiMqYcynyyCTiL77iwhUOBPzs2fXlivMtW2E=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 Oyo/eES+/wsgse1f+YSiJDGatBDaiB4fASf7vJ7GxFeD4OfLbB7OYa4hYNEo5NBssNt/PA55AQVSL8hvzBE3Cg\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"wdk26ZtS1H81IxcUThyirANLoszrnYYhOMP57YRAUDEzUr88X6yNDZ5S0tLl+FoT\n"
"9XlEVrpN7Z3k4N9WloWb0o/zVVidPMRVwt8YQakSgR8axzMQg6QhQ6zXTiYhiXa4\n"
"mawlwYFXsaVDSIIqYA2CudIyF3UBRZuTbw0CFZElMWc=\n"
"-----END SIGNATURE-----\n"
"\n"
;
static const char EX_RI_ED_MISSING_CROSSCERT[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf54AfsyyHhGluzfESzL4LP8AhFEm83+GkFoHbe1KnssVngHAQAgBABNzJRw\n"
"BLXT3QMlic0QZ4eG612wkfSRS4yzONIbATKLHIgyzgGiGl4gaSX0JTeHeGfIlu7P\n"
"5SKocZVNxm1mp55PG+tgBqHObDRJRSgbOyUbUgfOtcbQGUeVgUlFKWZ9FAY=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMqT7K8cEzWIaPNXbNgvoZ5ejavoszI2OjW9XXetPD/S2f+N7TfQXHBW\n"
"bnjpgj87gmk59w0OXTMCv+XofZ0xOy2YR/jG5l1VJIvqgJhhFJ8oSEGVzy+97Ekn\n"
"Lb1FEYuVfVxSxnU2jhHW6KPtee/gvuyRI/TvZuwmYWxLRpikVn4pAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAM4nITNe8UykgsIuo5czSSSl3Okr1K+UVWTzDGLznDg77MkLy7mydmk9\n"
"vf51OB+ogQhozYKIh9uHvecOzY4EhSIuKhui4hNyQklD9juGoW7RVTSpGdYT1ymp\n"
"dDYS30JBPwCZ7KjdMtXiU8ch2WgbzYBuI+JfjwOhfcsuNC9QPfbfAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key lx8o212IYw5Ly2KbH2ua1+fr4YvDq5nKd7LHMdPzTGo=\n"
"ntor-onion-key-crosscert 1\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf54AU3MlHAEtdPdAyWJzRBnh4brXbCR9JFLjLM40hsBMoscAJ8cHMIc71+p\n"
"Qa+lg5JiYb551mLgtPWLy12xdhog7SXiJl3NvnMgbMZXHDqkU2YZCidnVz+xqMdh\n"
"mjQFK4AtRwg=\n"
"-----END ED25519 CERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dg\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"cv1yL8HhQzQfjzkSosziu2kMecNUQGle4d103h6tVMoZS1ua1xiDpVKeuWPl9Z0+\n"
"wpFwRkOmK0HpNeOXCNHJwfJaWBGQXunB3WQ6Oi1BLilwLtWQixGTYG0hZ6xYLTnX\n"
"PdSQIbsohSgCzo9HLTAgTnkyBgklIO1PHJBJsaNOwfI=\n"
"-----END SIGNATURE-----\n"
"\n"
;
static const char EX_RI_ED_MISSING_CROSSCERT2[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf54AXXgm0CUWQr+rxvgdIslqaFdBiwosT+9PaC8zOxYGIsZAQAgBAA6yeH7\n"
"3AfGIGuDpVihVUUo0QwguWDPwk2dBJan7B0qgPWF5Y4YL5XDh2nMatskUrtUGCr1\n"
"abLYlJPozmYd6QBSv6eyBfITS/oNOMyZpjDiIjcLQD08tVQ2Jho+WmN64wc=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMdyTK/VPZloLUaLsvj1+NOFs33/E9HmA0VgvZ1nNUrR+PxSR71QF7Tw\n"
"DKz+/p2rJE+MPfQ/Na3dH0vH4CDZ+FH2m4A8SB9emF8aKxdc/7KCjQNDQCNlEQYn\n"
"O9WvZJhbNPHUmX0z4OotI+Sk3qBzVHu0BGDsPYC9gwszIumDUILxAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAL8o6CJiLfW4vdRFvJ2nFt/H/ei0ov83rilOuwSmNORmL9lvnHY++HrD\n"
"dmEEvBv74xqWJxGbJ6OQ3VOwRpf2X/cb4gAvsQDqDmNwpJsrPYRQVXp/KY/8z7bJ\n"
"dM4CjcsuJHHmj3yc3iCzgqt/Xr6vR24X4bee12/bP7R8IETvWoiHAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key qpNEGrLMVn28Odonk/nDtZq1ljy0fBshwgoAm4X1yzQ=\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"i4RKGIeaUrO6nzfdtb6j+ijYJh1Vgc9bsHMpW9cVCOjoJKFW9xljgl9xp6LytviN\n"
"ppKYCt9/JflbZUZjny34ESltPGrdquvHe8TtdQazjiZBWQok/kKnx2i+PioRF/xI\n"
"P8D0512kbJjXSuuq9tGl94RKPM/ySGjkTJPevN4TaJE=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 pMAOpepn5Q9MxcV9+Yiftu50oBzBsItQcBV9qdZCIt3lvSFqFY9+wJjaShvW3N9ICHkunrC0h/w5VEfx4SQdDA\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"Du5fJYDzvEeGqKTJwgaQsJJgz39K/J4qEM2TZ3Mh0XuDM1ZWDtjyzP03PaPQqbJ1\n"
"FsN5IStjOqN3O1IWuLzGaZGpGVuqcyYOxjs7REkGQn2LfqCjpzjaAdcsL0fI4ain\n"
"o/in8GQ6S/qhsx8enKlN0tffTmWmH9bmmVz0+yYmBSo=\n"
"-----END SIGNATURE-----\n"
"\n"
;
static const char EX_RI_ED_MISSING_CROSSCERT_SIGN[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf54AfoVFYuJnDNBWbjbTqfXACUtXWPipmqEYC++Ok/+4VoFAQAgBADH7JzI\n"
"fjSMV158AMiftgNY+KyHYIECuL9SnV3CSO+8+I7+r9n+A3DQQmGLULo/uZnkbteJ\n"
"+uy6uRG4kW0fnuBlKhseJQm9hjNGWzC8hmebp1M+bxwG41EGI7BZvnTrRgM=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBALEqlijoFIDX1y1i5zfei8DuDIsFtSw56PGgnMRGcybwD1PRQCheCUZM\n"
"erQgFCWjgLgvGJERBK/oILW1dFXp4MAR5RgnrPGTfWTinCj32obMLN1gIczpq6a9\n"
"P9uv6Cz0ApSxpA/AuvjyAZwQKbUXuMvIY4aTprAKSqqVohk6E+E1AgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMZbbBjGV7xPri4XNmejq4add93p+XsWlsfbM930bcC2JZiwg4g4cq6W\n"
"idl8VDmCXeaWg5y3kb82Ch/Q9vPG0QYQbXxUA3JxQKKbcEK3QsEvqQh8Nb7krILK\n"
"YnSGAnLG2Nc3PnKb7Wpb8M3rAysC5O99Gq1mSfm8ntj3zlIM7NSHAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key CYcpfIF4T9PJcfROfVJTUYl0zNd4Ia5u0L9eng/EBSo=\n"
"ntor-onion-key-crosscert\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf54AcfsnMh+NIxXXnwAyJ+2A1j4rIdggQK4v1KdXcJI77z4AMRc2LxiKbyr\n"
"fqRVynHuB031C4TN/HAlNPBjVoRvQRgzpiyyoyCqMDxLZdM8KtzdLLeqZJOXtWod\n"
"UXbYG3L70go=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"BRwRAK2lWxWGS49k8gXFHLEQ/h4k8gOQxM0WgCaN4LjAOilLHFjsjXkmKgttVpHl\n"
"f0V9ebSf+HgkpQnDSD8ittnr/0QaohUbD4lzslW4e/tQYEiM46soSoFft85J6U3G\n"
"D3D63+GmaOfIaa4nv7CD0Rw/Jz0zTuyEuARsdJIr1IY=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 7XfV5r7FXbXPEvrxlecWmAJxat/6VT+/4tE5cHrQnvLM4zslysstWH6/AfIfcmUuDlQ0watmfg1MvVnjavcfDA\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"eigLL3S/oMGL2tJULt9bl3S0iY+YIxdKeGFCcKZci59zD786m+n+BpGM3yPpvrXr\n"
"bGvl4IBqCa1I+TqPP1rM9lIEcUWaBT7Zo5uMcL1o+zZl1ZWPWVVKP5hC5ehDueu8\n"
"/blzNhTEFAp23ftDK9PnFf+bXxqbgKkEoZsxnd3e9Ns=\n"
"-----END SIGNATURE-----\n"
"\n"
;
static const char EX_RI_ED_BAD_SIG1[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf54AR8QC+SNBpPOTVY198IQBANNwZjy+SBqQNxfzjEmo204AQAgBABjz4FP\n"
"zW/G+fu7YirvANvvqJeb7S1YYJnf6IrPaPsPRzDqJcO3/sTzFC5OSb9iJmzQAWnn\n"
"ADPOl+nOJC58XJnJ7CUJdPtyoVdMvUiUT/Jtg4RuCN1iDaDYaTh2VavImAY=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAKuLC0kzCBTV6+WPZcAOQPKjqbjvMIyaehIQS1o90dYM+Tosrhtk3bw8\n"
"QBLMaiWL3kfIWPZuWi2ai40dmqAXMrXH3yBgKRNZ6zZSbUUuJ1IknqmrQ2PKjC/p\n"
"sIW2awC6Tq+zrZ7vntDb02zY857vP59j8eolTDg1Vvn6l2ieL+WhAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMnBQPOJBQLZ3NAa70n6lGZGvS3DYZFNOZ2QnHVeVvOSFIFsuvHtnUdX\n"
"svDafznYAuRFRVqJS2xtKKGu0cmy6ulEbBF+4uAEMwQY7dGRPMgVF1Z33U0CSd08\n"
"ChCJGPTE7tGGuoeSIGN3mfC4z2v9SP3McBdAiLHisPzaUjfRTcwRAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key W8fUvBpKBoePmqb70rdJUcRT0NhELDWH7/BSXJtkXS0=\n"
"ntor-onion-key-crosscert 1\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf54AWPPgU/Nb8b5+7tiKu8A2++ol5vtLVhgmd/ois9o+w9HAAPwWqmL0HXa\n"
"bYKrKPWQYnpQHQ3Ty0MmCgj3ABF940JURnV161RlN8CRAOJaeQ0Z8wBRLFC1NqLT\n"
"+GVdtewGeQA=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"x0vT5Wv7Guc0/Vu2BqomWwenh8oda9+8K/7ILi5GQL/WC29Tj51i0EE7PVSnSMJ7\n"
"33I/V+N5neauqWnbg7TxYaLsPfr6SpPTpBL1Xt0OiwT1//PvPYZ1gCcF3ig3KcfI\n"
"mreQd5C5Vri6ukWkMtz/zNDaDpDanzaNXTdaUXmFHF4=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dg\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"Hci/Br1+NNymDZBmQy1QWMlCeLe8Z1vtZ2ZTj42jDhWg1OC/v72ptI072x4x5cmi\n"
"X3EONy8wQUvTNowkfG6/V/B768C7FYJYBId1GAFZZymXnON9zUYnE3z1J20eu6l6\n"
"QepmmdvRmteIHMQ7HLSrBuDuXZUDJD0yXm6g8bMT+Ek=\n"
"-----END SIGNATURE-----\n"
"\n"
"\n"
"\n"
;
static const char EX_RI_ED_BAD_SIG2[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf54AW8fyx54c7vQQA/AmShAitFP7XI1CLdifEVPSrFKwYq6AQAgBAChqjVA\n"
"/wKKJZ30BIQoXe5+QMiPR6meNxF1lBttQ2t5AhauZbH5XzRhZkdGo114wuyPNEM9\n"
"PrBwp5akTtari9doVy6gs3McqdoIbRdWevpaGj5g5oOEOtA9b5UNWQSwUAs=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBALp0Croi9zhpGxi9sUj54jr/flZdzxVVS+8VNldJG2c1soSx8kwlwotu\n"
"7mGGudJDAzDHGo5F5CCPEfQov2OmDehpefYUz/AaMLly6PrLRJlcUcpLogGf1+KU\n"
"1lLwE8kanXUkgvDhVQiFvNjy2Dxxuv3AHH4WdZZfbMbm8FJRGoHzAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMoI9vQT4g2sV2dViGOWOzxckk367T9sMjVwcYfJCmnixGxjWeKScQFB\n"
"K9v1uK73cfZR8AxiUGK4/iOX/9en14mJOGF7fftAqypFLAt1TBvb07IgXljOBoHc\n"
"Paw4oZoJQzEoazt0Oa181LyNnNIoaZpHVZd1+a1Gs1gKoM4xDBv1AgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key KjyvXYkMcpke5ZsUYf2gZAUNeEoz8NAwYoQvvbcDGiw=\n"
"ntor-onion-key-crosscert 0\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf54AaGqNUD/AoolnfQEhChd7n5AyI9HqZ43EXWUG21Da3kCAI6MRHm7GpCF\n"
"/3zDGR/6jKe625uFZX9HpLt6FgAdGSJeMQ9W4Np9VkrFXAB3gvh7xxRzSgZ1rXgR\n"
"lUomgi7N1gc=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"xJXvCCpP4ExBuT3OTsdn2HJB0HidupmQq5zBh8fx/ox6+047ZBOM7+hVxxWapcMg\n"
"PMXbcLD4L/FCBpA/rjnFUE/9kztdq7FH/rOdi0nB6FZWhwDcsZuyfvbnDTxz5iHJ\n"
"87gd5nXA5PE649SRCxW5LX0OtSiPFPazu4KyyBgnTIM=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dgxx\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"tk4kBNYqB8utOmX30HrV8YfnwBXYODIiL3M/juRS6nPn0uvbW7pjoZ3ck/ahgW+6\n"
"FNQsgTJnEADCWS1r6v7PcvzQjtrOUUpNxGJxYw1r8yZkvmIxSQD6GMzuTxq7o1VA\n"
"/wZYDLonLhCWRdPjxnrl12+z92NdyISJCHMLRVqs2QY=\n"
"-----END SIGNATURE-----\n"
"\n"
"\n"
;
static const char EX_RI_ED_BAD_SIG3[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf54AYYiKZrFWZ/Cj5mZbfK11MZHYbwchllsUl4qPqY9gfi6AQAgBAB4irxT\n"
"86FYA0NbZssSTmfyG6Edcf0ge61OwB4QD35kHCrvuZk2HnmL+63Tj4QoFqIVnwVC\n"
"3wRGJGcmS7y+vS64GUXbuyTgqgpl/KuoHo5Aqe6IxJlVWYtU6W0M6FV9tAM=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMUEvXTVTl5xkQ2MTEsB4sXQ3MQkz8sQrU63rlqglpi1yUv24fotjzvE\n"
"oJpeKJBwwg5WBW/fW0bUDJF2cOHRHkj/R4Is3m+2PR1Kn3UbYfxNkFkTE11l099V\n"
"H6xlsi0TJOJKlgrcbSuB7se2QctZVhwsdsJvFRptC9Qd+klAPb7tAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMooTeSUX7GPoyklSd1/6cF1u8e2LbjOLIpZrMon0Xt7c/aNwlrG9rVo\n"
"TSokHs3AQ2H2XIceySVRRWR4AdX9KApO4CX0gGTuVUmq6hFJWMnHdAs2mKL0kt1w\n"
"I+YWzjUqn4jIVa2nMbyHVQWzIysWwWiO4yduIjAYpBbWd9Biew4BAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key BN0I+pLmFkDQD5iRsdkcped4eZwGIuXnLiX2K0Zoi2I=\n"
"ntor-onion-key-crosscert 1\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf54AXiKvFPzoVgDQ1tmyxJOZ/IboR1x/SB7rU7AHhAPfmQcAOrIvaG/xJqe\n"
"adM6mai+FlV8Dbt6QrXTcNHJU1m+CUDthA9TPTAYz9D8W0mTEQ6KEAKGfQrNLy2r\n"
"G1B+9wWSpA4=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"BpLBsl6Yo64QzczJn0TjdcXC1Jv9IhUG2m/Re3v0voCELOP+t5vkZXXLoVL23oKv\n"
"JheSkWiuAIEPsatb4afXZ8wZxPcQjwy3zTOBM7p9CG5fA+KYpqKTxAi+dhVYlcDo\n"
"M7S5nMV63FclkZIT70FFTHwWed1sAKwEO3/Ny24eppc=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 abcdvEzGFYMcJ/Ea7sbessW1qRJmnNNo2Khkkl0rEEgtLX0b4L4MMhK/ktS52Y6jX3PRQWK5PZc6gjV7Jaldh+g0Aw\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"Vyj7g3eQ3K4+tm49fJkAtsAYnYHcEiMnlucYCEPeKojzYStNfZwQO2SG5gsoBIif\n"
"urgQZ/heaF4uiGFg64UFw08doXqQkd5SHO3B4astslITvmq0jyaqzSXhdB5uUzvp\n"
"QCR0fqGLVS1acUiqGbRr4PiZ9G7OJkm230N3rGdet+0=\n"
"-----END SIGNATURE-----\n"
"\n"
;
static const char EX_RI_ED_BAD_SIG4[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AaEnncX/t0cbLm1xrtlUpkXghaA8fVuV7g1VF3YNfCaIAQAgBAC7Ki3S\n"
"zzH9Aezz5X4fbwHeF+BQEDfVasfyTxTI4fhRi7t3RxHzBJd60uEMXy2FchD8VO5d\n"
"j4Dl7R4btrohPVSVBQZuemBQSW6g3ufNl0txpFWu0R7vBPTFH6oyXYfY9gQ=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBALGKwzhOui2/jJPjU1ngW5IZRPcoDk7RAfGDO4xaef4VfAFHCV9CQO1c\n"
"/wQ09CcRdggTvUcv9hJTGJhSObUUooCkxw4/35f/A6/NoW1Gi0JqF9EsQWHpuAfr\n"
"n/ATlJQ9oGdTCNDq/BXSPWXhoI6UhUe0wiD4P4x4QwaYHcZh+lE5AgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAOKrizVm2h5/jE/HqqLCBLWJZVVoGspasCtDDqHhSqsPzyjpqa52iMKi\n"
"q/deJ92le3J2NJRGKxPmPQqWxwhIjnMS5kUMoW182iLpO/G9qyPZ0dh6jXB0NBLF\n"
"ySfW6V2s3h4G4D2P+fqnsnzQnAX7YufkvgDau/qTWi2CqD0CjavDAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key A9h8jY9dPbhHTDbIc/NYWXmRP65wwSMrkY1MN8dV3BM=\n"
"ntor-onion-key-crosscert 1\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf55AbsqLdLPMf0B7PPlfh9vAd4X4FAQN9Vqx/JPFMjh+FGLAN8xr/w3KFVi\n"
"yXoP/az6hIbJh0HYCwH8D1rPoQLcdpe8XVwFSrHGarZesdslIwc9dZa/D1dx3OGO\n"
"UhJOrdv51QY=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"bLmdO7ME5vq+c9y/Hd8EyBviMBTeo85sHZF/z6Pehc3Wg3i1BJ8DHSd1cK24Pg48\n"
"4WUrGTfonewuzJBDd3MLkKe6epXmvUgvuQN5wQszq1+u9ap/mRf6b3nEG0MHxMlO\n"
"FLx5MBsScuo+Q+pwXZa8vPuKTtEjqbVZivdKExJuIX0=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
" router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dgxx\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"LqNGEa10zwSPeomBXTfgvBnnWAdWyiR7KYZq9T++jK4ctR6hUaWngH8qSteUrkMx\n"
"gyWb6UMmlxdfOG0sdcU463HsqV7zObaKya8/WwQ9elj3FfsToswUCeOaLR/Rg7wC\n"
"zcUjI5VsneQoXT2WVZbZBLsLB3+7QfezVHRMB377GAY=\n"
"-----END SIGNATURE-----\n"
;
static const char EX_RI_ED_BAD_CROSSCERT1[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AV1AfOvQWKlWsbzoBdJc5m72ShIJuA8eNV15basjhXYdAQAgBABy+KQK\n"
"3oLDGtqL5kwRmjAsls/+C6SAoAALll7U7wNSH7en5RVBal4RUzCf57ea/KG0c9V8\n"
"2DmZ3PdOt2aY/M2bWGmmH/tyyapOoV98dhDwFU7zcx/pMfRnJTDRSDwl8QE=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMP6xbqbj+x1mq5XImjeT0rUzqKZTgBd5zvK4Xcy9IifJuFC9+mMzrY4\n"
"WhYbdClxKUkDMkit9MVhek+P/w5TSHKl6AuqGaO09ID+hZpoUSdoBUYktynxfGsx\n"
"kIDu0XvgtAeSyJaVvoV1SKVChY0IBbzUqbHt4O2Q1BhzFCKEJTEzAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBANwWlBh7e/eSLlhto5YUdj1iGYOq+yAmlosDItVfYrSPJuUfM2ocMBAn\n"
"udbRbWiADoqsbKn/gwwHCC/f1HX2FkRXxxnOlJKLo+NEi8tGmOlcQXSQol1pCpvK\n"
"sA9TxtYr+Ft4LRpxNrexF+pIBxqzwetqQrZbKYr0CFJi8q1qlMynAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key cs1AP+xF5cXTLuKeOeItdoDAzfALTJkwk9lB4mtC4QI=\n"
"ntor-onion-key-crosscert 3\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf55AXL4pAregsMa2ovmTBGaMCyWz/4LpICgAAuWXtTvA1IfAKo6ANUq+hi+\n"
"xb3J4aYafnszlj87oi/DR+SDf29wzwNw8gmaqGzJ5GbfISfABuTUCzlilZyVnLxi\n"
"BHcCH6PWiAQ=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"qC9Kph/kGtONR2DxZDoIFFgnDFC+/7H07EgCiYQdIFIROc+gGK9qBOgeFEptrkXF\n"
"XdE35xxox5xSASQvp7hjFwxUtJRGOtf2O98regqeeaz6O9VPXHkLf51uqX3bVgq8\n"
"KvFAsFFS66GxhtbrVjpyRgIwHAYvse1WVESfLuZZTn0=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 3uW8Q1aetIQLOsqSco128ZUaHlhqdYiBvrxV7x75BGNS5RzIMTEwYDNtEX1LNPFJ5N0YOV0HEEOLhrJUV9QCBA\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"WuD7S/saTYBxKvItITbHRi8n+e6g/oVbosicfbRbafYPzPp4Prb+RK03UTafzXrV\n"
"QEQIzDNhfePcIMH8qX+qrogLMXFqiXx6TVQ0GqNvqirokk8ar3AgtRtewhChAuAj\n"
"8pmQTj2JpZn/iB3PCE2l/93O9LHZfp44hc8QOWKs6BE=\n"
"-----END SIGNATURE-----\n"
"\n"
"\n"
"\n"
;
static const char EX_RI_ED_BAD_CROSSCERT4[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AW5TTGF9jCMl7aALZzqypD9Bj8WYnAPIrKCoIJdgMbY0AQAgBAB7eCn8\n"
"rukx7t/egZUdqU7+FYqsnO4wdmOkLZkp0+gpF3jjk6N1Q0037NNVNZBjONB0Nm2F\n"
"CpB3nWSJliSSKr5tOYsuBPFy5VVGYeKPakpOoxanQ1UcqevMBAQy0zf9hwA=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBALeS5YbeDuKQ5iiuUvh3REoyJ47/YU9lslWmTrVBf9b66pMnYJv/awPu\n"
"m2HredUAJ3VzwQ38VJA39w3fQXUhQDnQ0OPpKzeAmIiuG+6WdW/mBSK7uKcezC23\n"
"LA1d6Afyl79LjZz/n+ENXqNMlJk4QPcPHuRnAvwBl3t8YVRPJmxhAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAPprokY7utWuO/0252dBB5MCxmVD/dROaIBDyFtpdH+YVv04rkOlDzYD\n"
"W4mgHVBMxEm/cspTgQmJ4exRHJPpcSe1RYHt1ONZdLYr6D7OOWf0y1IUrVSzF6K4\n"
"lqlmNuH1H4+TKGbkvixYc5GU/2ZmAy6gFEuphYnBbsN2Ywc38mnfAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key Cgo6xniGfEiuYoLSPUdE4Vb2D4zj2NQzC1lRjysRRXs=\n"
"ntor-onion-key-crosscert 1\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf54AU3MlHAEtdPdAyWJzRBnh4brXbCR9JFLjLM40hsBMoscAJ8cHMIc71+p\n"
"Qa+lg5JiYb551mLgtPWLy12xdhog7SXiJl3NvnMgbMZXHDqkU2YZCidnVz+xqMdh\n"
"mjQFK4AtRwg=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"bi4M/AJLZF7/vSNmOj4uhrgKBQA/KfcZy5e58mhGL4owxd9vaWfl3aelvb9jf9zN\n"
"Q7FMv8f9aXzeVIoXIpRJxSKIJgBtG2wnMumIc80pqBvTyGInharszb6njfm0bg1u\n"
"PfJkbQYyf/dA5l5UwCrjFs06ImDmjFTAdsSWf6DfZ/k=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dgxx\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"io16v+e0pK3sbFzPGnkQrAjrRgIOJHrVZ1RXcxZ1+UNXagWM/MOLhQpkU/cw49Wd\n"
"4rQeZD3JQh16330eXbxc97AyDgp0b30He846SI0MfW/DnmGI8ZNeYfLbMv2bmbs9\n"
"QULzyIH8C+5mnMI1arcuiAua+Dpa34F79vgqPuvw5fU=\n"
"-----END SIGNATURE-----\n"
"\n"
"\n"
;
static const char EX_RI_ED_BAD_CROSSCERT3[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AVB+j+B2yPgGywvp7nvejyhMh9ejKmw7LCwufV83Zl9eAQAgBAConA3B\n"
"jJ3X2tES40jd94rRUFS2/s/Yv7E4LEQ9z0+jz8horNivzK3O/t7IGxJggi+b41/9\n"
"Uaqt+wqtVuKj0xJ9jwBlCXFt28G2P9s4ZyXYgGZqo7MlJlboybnOMvmoTQA=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAPWuEWckT4aYAVNrZzLA8xVwfXp0wzfXeTWBztLS8VzssN6w/+cwXdeY\n"
"N1YNc2DiD3u8f+7kmuZIqL1EFQUwTvRwEzQXm2dqGM7qkm5ZGNMb5FKu+QwO2ImI\n"
"FLNiO5zO/LqP3cf/2L8/DuvruLenUrhRtecGFaHmhDYl+2brHIiPAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMtHTfk0gDvp9+PtIG8Ks7rgCiJZ2aihSvr6WaKHYuIprgspFuga98cg\n"
"D//J80CrgH5Dw68YnkG+gU40IxP7YzhQ4glFlJGu3s2y7Qazcv5ww1XtHur+GDoA\n"
"cY0zCLhltNQFxIsoVUepY97XA6Y2ejYJjyqNXQcAmoPNoVhnTdkhAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key ibZf57LptdOK3WpVFXkYMatEEqPhuVWxsnkwF6638V4=\n"
"ntor-onion-key-crosscert 0\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf55AaicDcGMndfa0RLjSN33itFQVLb+z9i/sTgsRD3PT6PPAEbkxCdI/bH/\n"
"B06DAjRuoDiv1HKsGuW+UN1iGEiWu2ieFzf3m0Z7BL9p2u2zIbHYkP50b3T3sebD\n"
"1AksemmMdA0=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"BpLBsl6Yo64QzczJn0TjdcXC1Jv9IhUG2m/Re3v0voCELOP+t5vkZXXLoVL23oKv\n"
"JheSkWiuAIEPsatb4afXZ8wZxPcQjwy3zTOBM7p9CG5fA+KYpqKTxAi+dhVYlcDo\n"
"M7S5nMV63FclkZIT70FFTHwWed1sAKwEO3/Ny24eppc=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 XS4zVi46Xl3xKhuozPCDlW0QRFD4qUhJmkefonQNsRlMVsrPkALnP2tfnfdfTc69hbNa22pOjJNf6Gm505EnAw\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"Q+R3OpO8VhfvFbXuE5qolhVbgosBHy2A5QS91TMzCbsxa8pBA6Li4QdPR37wvdLq\n"
"KayfmmNCMKU5qiZMyXqJZm4fdpxiSi50Z0tYlXM3b2OVfza3+pSOEBl89fN6G4Qc\n"
"pAmM14eEo1UzXrqZw76tMS2CwOYF5vR2xFGCYC0b5hM=\n"
"-----END SIGNATURE-----\n"
"\n"
"\n"
"\n"
;
static const char EX_RI_ED_BAD_CROSSCERT5[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AaCfOaispi7dJhK0c8HXJHIwoBkMgRpmmHu+3Zce/soMAQAgBAB5bAIo\n"
"5i4TSY/bV2KQAyziRwvgJm+nEiECClflPbP9Um+zOzOgxtDmNnR5UFQj+VWNG4uf\n"
"5lnaryN+PfUXZMTcs8AARof3fFz9tVPINHDrsGvKt8gpzgZEHkVioAXOFwg=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAL3Fr/ovZ9SMGYrAM24taKBm/NpemZaXdD/JeBXFYm5Zs3szLwJC4Etm\n"
"zjNL6tVy+I21O1g3cs16TkflcidsjPXNx//PHAn7bqWMekjrt3SQdkHW2gDPgT2c\n"
"zYJ/hBR96JYG796jP3pkfJz6Iz5uT/ci3A/cdaVbzM1uZbMUgYGzAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMHB+1dWa8BBrKE94vTqfbkSEuysG5LyyZF/WrqHq/3W+ocDLz795k8O\n"
"2Zvgr9im/Ib4hD7IyrtRexcuBdwujdG7cBALdCcWiUTGAMkl96HNETSX+lUVIpJ9\n"
"pMsc9O7+yz+/0Cl2RpILZCdE/7I96qHpZl3tzlRKSu15WeIm5U77AgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key GXi0a2VLcRHQMMYys85zu3IPqOn5ZTsOixYyQvTGnQs=\n"
"ntor-onion-key-crosscert 1\n"
"-----BEGIN BUTTERED CRUMPET-----\n"
"AQoABf54AU3MlHAEtdPdAyWJzRBnh4brXbCR9JFLjLM40hsBMoscAJ8cHMIc71+p\n"
"Qa+lg5JiYb551mLgtPWLy12xdhog7SXiJl3NvnMgbMZXHDqkU2YZCidnVz+xqMdh\n"
"mjQFK4AtRwg=\n"
"-----END BUTTERED CRUMPET-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"T9NHMBhuJo+TlfU3TztNgCc9fK1naNRwPOyoqr5R6lJvJ40jkHnIVOFuvuzvZ35O\n"
"QgPbyFcMjv6leV5xcW+/I9tWaBUFXiRGI27qjCFth4Gxq2B6B2dIcQliLXSvW9b+\n"
"CMTgDwVa4h2R2PMh18TRx1596ywE09YhCgBF3CwYsiM=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 sRpiP9kyW/DGOphp4V2VCtcKNA8i7zGuv2tnljNIPTB7r7KsTvdUk/Ha9ArRQEivO4nC2HHENtknDl3GtWIPCA\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"DtORw3+gO/yUUIp70xDaWSOgQZrJAAoZTNCB7q5WCoZOngeaCiC1Gtc+Fmdn7tER\n"
"uPqQC5H/Kh3Mi82PCj0JxvNivnNTNY1AZVaIX5YoioXVOkWF0B2pqMvFuDSdm2oJ\n"
"29PqSVcklquu19EjJRTopIHvYn3sFhQL4LarMsYY11c=\n"
"-----END SIGNATURE-----\n"
"\n"
"\n"
"\n"
;
static const char EX_RI_ED_BAD_CROSSCERT6[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55ARMMCtQ8pObC5bq02AUE9Lx2bqsZBBkeOsDZVaEq6JavAQAgBABtV0xF\n"
"CsWXL/uFIBnoEsnXBeU1MvYRFrj1vR7QHdWXnxywXvBYUAC8lu/uyc8qqLp+aQSJ\n"
"5JzpDYlg3hp1fl5k97iv5F9WrR6s554YpmgYy9agFaxZ4LmRgz7n0UJ8mwM=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAO5qd1TndKD2pEs1ZLWsHlvfO/E7cA0H7NKGLSioGpBf4P0rtkueX4ci\n"
"kJNa/4Fn/QsLECqEF2lUjkIc8YL+HMS6qteKvN8+nn16DfvnIhPDNZWTJjLl1bOI\n"
"sWSSiduhanoWQnhRtl3Rxg3opdNd9ApO0DLUNy4Qy18Ai6SgksfHAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAJkMYNpK7eJJyGwD/xG/iNg6gzzbIwrOSvmtoP7Rot42qtBiQ9A9kdsy\n"
"sazwkWkM93U1+1OaAADPYxeHoyHnuia95Cnc5y2lFSH3I7gnGGSPKSTwXtdyvDWZ\n"
"P1LbmQ4Bnh5leTCNZ/eFC4/GjNVzqHxjbb8a11dQhA8dOk8PrUq9AgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key HdSQOqvLr4YnJE1XzzVIddgKgnjaHKJqnq0GqF4wXDg=\n"
"ntor-onion-key-crosscert 0\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf55AW1XTEUKxZcv+4UgGegSydcF5TUy9hEWuPW9HtAd1ZefACVwif1deQry\n"
"K5GeemRa32sGzujVDDe75WRiPKFT3l/EtjTq3oeVq2xwbVJklnG3ASejKTr3YcHt\n"
"ov0jOl0jywc=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN NAUGHTY MARMOSET-----\n"
"BpLBsl6Yo64QzczJn0TjdcXC1Jv9IhUG2m/Re3v0voCELOP+t5vkZXXLoVL23oKv\n"
"JheSkWiuAIEPsatb4afXZ8wZxPcQjwy3zTOBM7p9CG5fA+KYpqKTxAi+dhVYlcDo\n"
"M7S5nMV63FclkZIT70FFTHwWed1sAKwEO3/Ny24eppc=\n"
"-----END NAUGHTY MARMOSET-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 lNY8TRX/FZdH5eFbsBkFHuRi8bPDsE5P+v7zExyD/IXnKS/ffYlP8qw1XIPdEDOIzGQ14+kyPX0SotaAqHRtBA\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"BHamS+epF77iozo5cBt+tbs22m9GhwY55DRXpEWAtvn67jsMnmn7qCOLONigK1RT\n"
"adZNezIydcCxXltgHTdKaZw4lcqv3s0KL8kI8frbBmm7PjXtWnrdXBYY+YK54MN/\n"
"t4N3162o9hzzKSwye0gPjgzpQ1xtEIkzWhBcmE9Vw5s=\n"
"-----END SIGNATURE-----\n"
"\n"
;
static const char EX_RI_ED_BAD_CROSSCERT7[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AfVmH2ReTyatl4VnS5YREtCM2dwikWuAPffq6M5bysZxAQAgBAAXoqE7\n"
"taqwLDXLZrZukpF1eBkCwYQK9uzctHTuMdqOHChguvkfX7V4H3O76Ayqvz+Z1ut1\n"
"KYRdgiArn3viRaBv3ZKT4Z75suMI3bjqGOSGLAKfOa0uLkOmKblHHhSUkwQ=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAOLNugzUezzzw+N1SuQWzILJYkUJyQDoVXSZjT0dzBplHCjlrv0WZCUP\n"
"/pbonE7SlCChIovHcdiASaLj7MVaGgYDq3M1Vtgt5vhgGl10/+evBAD1QEt8AVfr\n"
"5+PH/sbZvOWucAhNUhOlqFKAn4vdRY39VEEXC5/Jz5fsk1E/DBu5AgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAKxzg1hsYMS+0zAIrgYxSGO0GbKRrL/VhdlMEGu7ACaoqlGnmGQS3B4B\n"
"gLk8xDdx9N//8+YTx0hUIxP38w08lubPl1WXMq8s7wAiFd06Nklf65mHs0sXVtS1\n"
"EG3f97PQqmBpEJOwYBATNcA9e6F62P8SXNkpSjOzNaE0h9wHNKk7AgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key msdr3O4W4bm/xdmZLzj35363ZSFex8yQxLWsV3wRCAQ=\n"
"ntor-onion-key-crosscert 1\n"
"-----BEGIN ED25519 CERT-----\n"
"VQoABx54AU3MlHAEtgPdAyWJzRBnh4brXbCR9JFLjLM40hsBMoscAJ8cHMIc71+p\n"
"Qa+lg5JiYb551mLgtPWLy12xdhog7SXiJl3NvnMgbMZXHDqkU2YZCidnVz+xqMdh\n"
"mjQFK4AtRwg=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"RJJRiU0vjVtRi3bVZru3aTvV5l56X/WOOp/ii316yPAS3aAMpOm1+piFVR5MNqcB\n"
"ZGyrA2Kx0hawdL2buU47iZ12GOCi4f1Es4V4N0TQgJICsKX38DsRdct9c1qMcqpp\n"
"1aENSRuaw0szTIr9OgR7/8stqR5c3iF1H5fOhmTi6xM=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 4DSdPePrToNx3WQ+4GfFelB8IyHu5Z9vTbbLZ02vfYEsCF9QeaeHbYagY/yjdt+9e71jmfM+W5MfRQd8FJ1+Dgxx\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"F3ZqvsyL6RRhPEnNFFIZY4WJM7LK082rseWzRkGNXjwoEwOWUK8enQ4Wjit+wozW\n"
"4HVIY1F+vP7gm6IiOEAFgEpB4C8FGuyoFw2q0ONA2tqTcvBJDDnqbx08FO7v2Dij\n"
"d3ucfc5gf7YNaoFCMMuyAzC56eyNk4U+6cSKy6wnJds=\n"
"-----END SIGNATURE-----\n"
;
static const char EX_RI_ED_MISPLACED1[] =
"router fred 127.0.0.1 9001 0 9002\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAKT6OIN6TsDB+xcp1uLeE0K3aiHGqa7hdxMBGpvcD0UFSyzpVv1A/fJa\n"
"tClDCwTpfTGbyK2L7AO75Ci0c7jf6Pq+V7L6R7o12g6WBTMrgsceC4YqXSKpXNhi\n"
"oudJyPfVzBfKcJUSynv89FUQOyul/WRRqWTfv0xUsJ3yjuOESfCNAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AbBV9NVz0Hdl0Uiv87LiXaTAoeSXE+bheNG4Dju1GzQHAQAgBAD16h+T\n"
"ygzSgPN4Qat5ITthvm+lvMwMVGbVNWMxNy9i33NGhgp8kqMp2iPAY+LhX8It2b+X\n"
"8H9cBmYLO5G7AlMPj7GsuWdCdP/M/ldMvFfznlqeE3pCpRas6W48CFJ+9Ao=\n"
"-----END ED25519 CERT-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBANMO/MepK3uCkKTLRCwIWc/8URVza2gEmDx6mDTJIB/Mw8U8VRDuu4iJ\n"
"v+LL3D8/HGLvT9a8OXbl5525Zszt8XueF3uePBF0Qp0fjGBL8GFqmrmFe6plurPJ\n"
"TfrS/m3q+KhXAUowmghciVGDY0kMiDG9X/t/zKLMKWVDYRZk+fupAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key I8yDO62Flx5O/QsFvgb2ArIRqwJLWetHMeZdxngRl2A=\n"
"ntor-onion-key-crosscert 1\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf55AfXqH5PKDNKA83hBq3khO2G+b6W8zAxUZtU1YzE3L2LfAGC1uXxN2KwW\n"
"w4PqRidM1UPZ5jVOHceZYNQcTzzzArfBpr9OraOO2up4TGte8GVqjJNxrZc1gfjn\n"
"CwPW5WxpFg0=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"jLg3D3VO4i0sN8p2qtB6+5C3tai/K4M89mP7z2abQnUTbynOacPoNXIk4o64DjBJ\n"
"kaR42yfA7yQZ8Rj8abwgz0Zz6zbd+JjE+s/EklrEEtOl+jZAl3i+92FaHROJojXq\n"
"hw+ZEPOb9zgb1UQ7S1Fo+GoqA5bdGm/Wg1kSQielkNE=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 TRKvIl/wIIRD4Xcmd6HYmy7tD0KhVGgoStpWPtX0zmXGZ7+jugItrY0frDu9n82syiruuA45ZOs1Rfi4CbOSCg\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"NYpRfurB1YhFmDAdRc2Sd77S7By2V/0kgEHpJhtySb7efiQsyOA4ZBr1zEFPAXdp\n"
"TviKzyS9kN2fnz3hORoqFul33BDZbiLMNLtt5tzp62TYtmIg9IZdjjczbJUgbVLt\n"
"KCJL0vM7fdbXkZX61GIBbMYwzwIiHvVxG7F/AS5RbtE=\n"
"-----END SIGNATURE-----\n"
"\n"
;
static const char EX_RI_ED_MISPLACED2[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55AfJo9FIePrxeDNnWT6SWkoz0/L27018XjUNWEHfaR06MAQAgBAAMgolK\n"
"nLg3ZnVv0skzHCfmX+ZR9Ttwj7FNXfhXCsyr860S79OW5LD0/m1GcS9JflWhP+FO\n"
"ng5cRb+aqNc8Ul+/4sQudZRx8w4U3d5rOuMGCqhQXnktH9AFzQHFq0jpAAU=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAPeK/znKLRvSUmCIUiZOgfhiRFt7XGN//C2GFuey4xkKiIr9LWMuVe9m\n"
"Wx39Ea2UGEtNGCEVvZdJMDVRl7heFTfJTN4L1YeyWx6iNRWlpAmgQOKII7slHwlq\n"
"seEULOLOXc9AsU/v9ba9G54DFbHfe2k44ZOwEmaQZW5VF/I0YMMdAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAKFRzlrqPPxEW0nboAJ1qzKFb/vFtvRW0xNVb8RtbOY/NY5FV1hS8yfH\n"
"igtugkrOBmWah7cmJhiON2j+TKeBxEoXwJMZeyV+HLbr7nY/mFhad4BQ3Frkl8d6\n"
"1kQMhOJswMdwnnVHPNGUob4YAX0SpFA6MpBVj92zmMBeaihqUS9VAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key br8svioLcJCAQxoo3KvlT288p8rb4lQIZNLlplkIKkw=\n"
"ntor-onion-key-crosscert 0\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf55AQyCiUqcuDdmdW/SyTMcJ+Zf5lH1O3CPsU1d+FcKzKvzAG9XqwmRm0uJ\n"
"E49NoHcWr9IzdIwSGo+PJSkVpk95a5p2s065BetCWxEEBJQniajQf2hZ36zmV9rq\n"
"a6puqkEAKAM=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"d6QGIVAJL5JjHUyV+aicLIdBYyxHwviKpPcp7uldRF8vfDGFpu0qFgJ5KT+3t36w\n"
"QY1r75bvUMG/ZzGKDg95dcK0X2AK6GFlcrYyCoQEVOsuPc1QEUeK9P2s7viNQE4V\n"
"tRwG/CvJhPfcnxErzVGfXIeYRL1r/hPNFDZSeSxPPM0=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"router-sig-ed25519 ts9pFk8PnDWtXgQad09XC/ZCbruSx1U1pNOMWF9fyoNG0CodxdDH9Vglg+BOS7Nd9fmsINfPWKCVdVuSSM7zCA\n"
"reject *:*\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"YMl6mpQm7UCsPQhZKMm0aZ7fzGevWzRbQO+de20HTn7fVqMWQf2hBDJe9QTN/uDK\n"
"/VKYT8SnIBexbrSMy1N5q8kNFKxxUtwA9GRtz620Vvc4m+lz/tnT9qucIKCDL5iJ\n"
"eRpnls0JoAMIHKl99zdUioYubmOZuqUaRAdT8ulWy+Y=\n"
"-----END SIGNATURE-----\n"
"\n"
;
static const char EX_RI_ED_BAD_CERT1[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf55AYf+rX8a5rzdTBGPvLdQIP8XcElDDQnJIruGqfDTj+tjAP+3XOL2UTmn\n"
"Hu39PbLZV+m9DIj/DvG38M0hP4MmHUjP/iZG5PaCX6/aMe+nQSNuTl0IDGpIo1l8\n"
"dZToQTFSzAQ=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAM4o2DrTwn3wrvUMm41S/hFL5ZtRHGRDh26o8htn14AKMC65vpygKFY7\n"
"fUQVClAiJthAs5fD/8sE5XDtQrLnFv5OegQx8kSPuwyS/+5pI1bdxRJvKMOUl2Tc\n"
"fAUhzeNBmPvW3lMi9Fksw5sCSAKQ5VH/+DlYvBGZIO49pTnOAty1AgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMzIsJeEWWjN3Lp6qrzaJGn8uhJPJyjy2Wt3sp7z7iD/yBWW6Q7Jku3e\n"
"C5QfKmSmNi2pNjS0SqPjqZZNsbcxpq/bEOcZdysZG1lqi/QgxUevk57RWjh3EFsG\n"
"TwK3ougKWB5Q6/3m32dNsnnnDqzVapgZo7Zd3V/aCo0BVtL5VXZbAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key W28nwT/5FJ818M78y/5sNOkxhQ7ENBhjVhGG2j6KvFY=\n"
"ntor-onion-key-crosscert 0\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf55AYf+rX8a5rzdTBGPvLdQIP8XcElDDQnJIruGqfDTj+tjAP+3XOL2UTmn\n"
"Hu39PbLZV+m9DIj/DvG38M0hP4MmHUjP/iZG5PaCX6/aMe+nQSNuTl0IDGpIo1l8\n"
"dZToQTFSzAQ=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"FWnEjvFob0ObgqohMT7miwGsAuioCT7Urz6tyWaGWph/TP9hbFWj4MPK5mt998mn\n"
"xA8zHSF5n/edu7wVX+rtnPrYPBmg+qN8+Pq6XMg64CwtWu+sqigsi6vtz/TfAIDL\n"
"mypENmSY32sWPvy/CA8dAZ2ASh57EH9a+WcFModpXkM=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 88YqJdGJS4O6XiUCNrc9xbOHxujvcN/TkCoRuQQeKfZGHM+4IhI6AcXFlPIfDYq0SAavMhVmzsDDw0ROl7vyCQ\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"cU4WDO3w9ZfVRbNUgxOQMbwS2xWXvaL+cZmIV6AAjAZVWkLEpif4g6uYu+jJUZOS\n"
"NUT7lNOMwTu4tE4b1YJpnD9T8iW0DlOXxlvRBMQYmKwhQuYk898BDGTSk+0AY0HJ\n"
"vv8wRVewDajNhW7tFY907IdHvPXG0u83GANxkYrRyUg=\n"
"-----END SIGNATURE-----\n"
"\n"
;
static const char EX_RI_ED_BAD_CERT2[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN WOBBLY RUTABAGA-----\n"
"helo\n"
"-----END WOBBLY RUTABAGA-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBANZvqyqFeiekh8ApqIGK4ZtOqjaX87EzDestvAWwamVOXiPoUrzXgM3O\n"
"l8uuTnMA4TfnjLyyA2TnaMzJylOI1OMHuW/D9B/liWDstSxWNNIlKgLQ/Dh9xBS7\n"
"uQb2PYlI+iMkPKPyJQSTDdGHE7cdFPewUfhRtJU3F5ztm/3FLBFvAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBANZl8U/Z8KCPS7EBDzt8i9kNETXS7vnp9gnw3BQNXfjiDtDg9eO7ChxY\n"
"NBwuOTXmRxfX3W9kvZ0op9Hno6hixIhHzDql+vZ+hN7yPanVVDglSUXcr31yBm5K\n"
"kA+ZnRvH3oVQ97E4rRzpi09dtI13Pzu7JS5jRMtH+JF1kQBoNC0dAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key lUrEL+TVXpjjHQ2BIKk34vblyDmoyMro1a6/9hJ4VRc=\n"
"ntor-onion-key-crosscert 0\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf55Abm5E7FBdd3F8N1xuz/vdv03zh2lABrmGjzPQ3AFJtntALNeQTgjv0JL\n"
"jON4+SPNi0B2Bva3yKaSsdxiHQ1rIwQqIUVkzXmmX4jmsvJK/9gERAdD7GafTKZQ\n"
"BaZbNXBvmQw=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"OxkqFsw1vHUQ9iPYcKC/MHUBtbLPK6JY2i81ccAai2eW118UXcTbeCRccrXyqSkl\n"
"RLcooZyli1D6wg9x7O8+2+HXIbUa6WcTOD1Qi7Z9wKZfk4sDUy7QHKENMRfAXwX3\n"
"U/gqd4BflMPp4+XrYfPzz+6yQPWp0t9wXbFv5hZ9F3k=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 fW6Bt4R3xVk5KMDyOcYg8n5ANP0OrQq2PQFK2cW0lTAdi+eX+oT/BeWnkrn0uSWOC/t4omCmH4Rdl8M9xtpfBA\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"DHxiQXuLxZR0ylqwUGGePgN4KF4ItlOV/DuGmmszCO/Ut0p+5s4FP2v6Mm9M92Wj\n"
"75rS9xF/Ts0Kf49dvgc+c5VTvhX5I5SwGQkRk0RNJtNoP0t+qXBHaFV8BlAeaWF6\n"
"Lg3O+GUK325fQv9uDPCe37mFQV9jafAzsZUrO/ggb1U=\n"
"-----END SIGNATURE-----\n"
"\n"
;
static const char EX_RI_ED_BAD_CERT3[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"BVVVnf55AW5TTGF9jCMl7aALZzqypD9Bj8WYnAPIrKCoIJdgMbY0AQAgBAB7eCn8\n"
"rukx7t/egZUdqU7+FYqsnO4wdmOkLZkp0+gpF3jjk6N1Q0037NNVNZBjONB0Nm2F\n"
"CpB3nWSJliSSKr5tOYsuBPFy5VVGYeKPakpOoxanQ1UcqevMBAQy0zf9hwA=\n"
"-----END ED25519 CERT-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAPgeQNbKwpnTU+qW/2djh66hptS9rcy1B4vdyWkDTdREao2ECuCv691Y\n"
"oIw3MpTWvpC1qHIKorunusR0FKgwXw3xQTikXbDq/1ptsekzoIA1R/hltQV3UuGH\n"
"zdzHuQXAMX7Fdll2gyya03c3Yq5s+xSDvGdkEeaIoctKjwxp4SdNAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAOzWuH4cPW9rIrfi8MrruMUg4IUVHz4BxfY4/szMIUvzeEAdHn4FYkWy\n"
"Vt7MDtUELZsmZeFNmkn72kLxnrdZ5XhxZBriq1Fzq11cSWRBF+SyE1MdcouY4GyG\n"
"drw6T8xb8ty19q0eO6C/gw27iqXPAp1clvkroLg6Nv9lGZvsedVDAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key /vYZ+9yLqG7yUnutoI57s96JBl36GTz0IDWE244rbzE=\n"
"ntor-onion-key-crosscert 0\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf55AZ4zVBWP/fIYEgWmyj0WpO6CkXRJjtrWXtiT02k3IddiAMpYgMemGIpN\n"
"xj7TQRULsHHYvo4fLcKrSgndQbUUhfLTUuVhIzbnE2TBLMVOEkpxKU6mTuvTT/3h\n"
"MJugrwTWVg4=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"c/Vqu3wtsTsYMdnhTS9Tn1Pq6jDmH4uRD5WmbaCKKrkin2DjuYSMVpypndkdlZDE\n"
"He7uF7SUO3QG/UcRIXYOsg9MSLUmvn2kIwef8ykyqlRh95Csjo5DyattUhL2w4QF\n"
"tJkJBQAnXWaAVW1O8XimGCAvJ84cxbmZEcpN6WKjrXI=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 Ue7bkPpOoc8ca7cyQj/Vq3BP5X4vwLA5QmpLGw/WfRNVRPojJRxU3RVqWMi3JbsJFRTe6pH6ZHyXER33G5aAAA\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"ifKUtbxmqHVs8A0oT5n7Te0c6D/XqWQTc0RxX9OKGspzh6wNX26h0Xa2vpK1Q9Zu\n"
"sj61I7vbHuZN6rxiWs9IzJgb//XaNJasX1pd9tbGSXW+yYzc9G9kaa7vp3HcnhIP\n"
"XVWzzS8WmOiVNGcF65j6f7yGloTgN7cHMptgJG7pWes=\n"
"-----END SIGNATURE-----\n"
"\n"
;
static const char EX_RI_BAD_EI_DIGEST2[] =
"router fred 127.0.0.1 9001 0 9002\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf55ATrK8IVBWLO2yXKCqXLXJOTu89W2b+hREPO+tCrxjVqWAQAgBACG/vVx\n"
"NK8wKVZvf34d75ZObSR0ge1N2RrAIKNslNXBq/tcllIrNE4S0ZNcMpA+hxXoVFeo\n"
"jbxifYX7nTs5N3GrGPmkiuo82v2X6ZwoIXJGFnvWMxCjsYsUVDDxoT6h/w8=\n"
"-----END ED25519 CERT-----\n"
"extra-info-digest E5FAC29E766D63F96AD175069640E803F2723765 99oo\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAK9wHSdRalxkuAybrSCA3dlEC1ZGc7oHOzXRGLg+z6batuiCdQtus1Rk\n"
"LP821eZJtEMAE56aewCIHDcTiCxVa6DMqmxRjm5pfW4G5H5QCPYT6Fu0RoYck3Ef\n"
"vkgits5/fNYGPPVC7k8AdGax5dKj5oFVGq+JWolYFRv6tyR9AThvAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAKxjxTQ/T/MHpFbk7/zwA7l5b3IW3yVcyVe6eIGFoYun8FI0fbYRmR4M\n"
"G5Asu07gP9Bbgt3AFPuEqrjg4u+lIkgqTcCgKWJbAgm7fslwaDTXQ36A7I1M95PD\n"
"GJ10Dk5v4dVbrqwoF7MSrQPFtMO91RP11nGPSvDqXZJ4XpwqwdxpAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key LuVmHxpj4F5mPXGNi4MtxbIbLMav6frJRBsRgAvpdzo=\n"
"ntor-onion-key-crosscert 0\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf55AYb+9XE0rzApVm9/fh3vlk5tJHSB7U3ZGsAgo2yU1cGrAKBcSzwi4lY/\n"
"salCELOLdeZzOjDNnBd6cKp2WJg7Yz5zFlbVbyNk0iwfGmucHk8vQZe5BS0Oq/Pz\n"
"B1u/BcJv8gk=\n"
"-----END ED25519 CERT-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"QsAQVdDVHtasDbhrZG4ZxImdTTMY7fz3vouAiGyZx6/jCCB5v0gHwTn4xo6pgLEW\n"
"LQfMhQZIr76Ky67c0hAN2hihuDlfvhfVe9c2c5UOH1BOhq3llE3Hc3xGyEy3rw7r\n"
"5y38YGi759CvsP2/L8JfXMuBg89OcgJYFa27Q6e6MdQ=\n"
"-----END CROSSCERT-----\n"
"published 2014-10-05 12:00:00\n"
"bandwidth 1000 1000 1000\n"
"reject *:*\n"
"router-sig-ed25519 5zoQ0dufeeOJ/tE/BgcWgM8JpfW1ELSXLz4dI+K8YRH/gUtaPmYJgU2QfeUHD0oy1iwv4Qvl8Ferga7aBk1+DA\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"D6KRMwkb6JmVEnpZ825SD3LMB84UmVy0i94xk44OwhoWNKLXhaSTWJgf6AqnPG5o\n"
"QrCypSb44bYLn+VaDN5LVUl36jeZqCT4xd+4ZwIRdPOUj7vcVmyUDg3lXcAIk97Q\n"
"E5PrQY1mQuLSIjjKInAR2NRBumNJtRw31Y/DTB7tODU=\n"
"-----END SIGNATURE-----\n"
"\n"
;

View File

@ -35,6 +35,8 @@ src_test_AM_CPPFLAGS = -DSHARE_DATADIR="\"$(datadir)\"" \
-DLOCALSTATEDIR="\"$(localstatedir)\"" \
-DBINDIR="\"$(bindir)\"" \
-I"$(top_srcdir)/src/or" -I"$(top_srcdir)/src/ext" \
-I"$(top_srcdir)/src/trunnel" \
-I"$(top_srcdir)/src/ext/trunnel" \
-DTOR_UNIT_TESTS
# -L flags need to go in LDFLAGS. -l flags need to go in LDADD.
@ -67,6 +69,8 @@ src_test_test_SOURCES = \
src/test/test_extorport.c \
src/test/test_hs.c \
src/test/test_introduce.c \
src/test/test_keypin.c \
src/test/test_link_handshake.c \
src/test/test_logging.c \
src/test/test_microdesc.c \
src/test/test_nodelist.c \
@ -135,7 +139,7 @@ src_test_bench_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ \
@TOR_LDFLAGS_libevent@
src_test_bench_LDADD = src/or/libtor.a src/common/libor.a \
src/common/libor-crypto.a $(LIBDONNA) \
src/common/libor-event.a \
src/common/libor-event.a src/trunnel/libor-trunnel.a \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \
@TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@ \
@TOR_SYSTEMD_LIBS@

View File

@ -1137,6 +1137,8 @@ extern struct testcase_t guardfraction_tests[];
extern struct testcase_t extorport_tests[];
extern struct testcase_t hs_tests[];
extern struct testcase_t introduce_tests[];
extern struct testcase_t keypin_tests[];
extern struct testcase_t link_handshake_tests[];
extern struct testcase_t logging_tests[];
extern struct testcase_t microdesc_tests[];
extern struct testcase_t nodelist_tests[];
@ -1183,6 +1185,8 @@ struct testgroup_t testgroups[] = {
{ "extorport/", extorport_tests },
{ "hs/", hs_tests },
{ "introduce/", introduce_tests },
{ "keypin/", keypin_tests },
{ "link-handshake/", link_handshake_tests },
{ "nodelist/", nodelist_tests },
{ "oom/", oom_tests },
{ "options/", options_tests },

View File

@ -495,6 +495,43 @@ test_container_smartlist_join(void *arg)
tor_free(joined);
}
static void
test_container_smartlist_pos(void *arg)
{
(void) arg;
smartlist_t *sl = smartlist_new();
smartlist_add(sl, tor_strdup("This"));
smartlist_add(sl, tor_strdup("is"));
smartlist_add(sl, tor_strdup("a"));
smartlist_add(sl, tor_strdup("test"));
smartlist_add(sl, tor_strdup("for"));
smartlist_add(sl, tor_strdup("a"));
smartlist_add(sl, tor_strdup("function"));
/* Test string_pos */
tt_int_op(smartlist_string_pos(NULL, "Fred"), ==, -1);
tt_int_op(smartlist_string_pos(sl, "Fred"), ==, -1);
tt_int_op(smartlist_string_pos(sl, "This"), ==, 0);
tt_int_op(smartlist_string_pos(sl, "a"), ==, 2);
tt_int_op(smartlist_string_pos(sl, "function"), ==, 6);
/* Test pos */
tt_int_op(smartlist_pos(NULL, "Fred"), ==, -1);
tt_int_op(smartlist_pos(sl, "Fred"), ==, -1);
tt_int_op(smartlist_pos(sl, "This"), ==, -1);
tt_int_op(smartlist_pos(sl, "a"), ==, -1);
tt_int_op(smartlist_pos(sl, "function"), ==, -1);
tt_int_op(smartlist_pos(sl, smartlist_get(sl,0)), ==, 0);
tt_int_op(smartlist_pos(sl, smartlist_get(sl,2)), ==, 2);
tt_int_op(smartlist_pos(sl, smartlist_get(sl,5)), ==, 5);
tt_int_op(smartlist_pos(sl, smartlist_get(sl,6)), ==, 6);
done:
SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
smartlist_free(sl);
}
static void
test_container_smartlist_ints_eq(void *arg)
{
@ -1053,6 +1090,7 @@ struct testcase_t container_tests[] = {
CONTAINER_LEGACY(smartlist_overlap),
CONTAINER_LEGACY(smartlist_digests),
CONTAINER_LEGACY(smartlist_join),
CONTAINER_LEGACY(smartlist_pos),
CONTAINER(smartlist_ints_eq, 0),
CONTAINER_LEGACY(bitarray),
CONTAINER_LEGACY(digestset),

View File

@ -698,9 +698,18 @@ test_crypto_formats(void *arg)
for (idx = 0; idx < 10; ++idx) {
i = base64_encode(data2, 1024, data1, idx, 0);
tt_int_op(i, OP_GE, 0);
tt_int_op(i, OP_EQ, strlen(data2));
j = base64_decode(data3, 1024, data2, i);
tt_int_op(j,OP_EQ, idx);
tt_mem_op(data3,OP_EQ, data1, idx);
i = base64_encode_nopad(data2, 1024, (uint8_t*)data1, idx);
tt_int_op(i, OP_GE, 0);
tt_int_op(i, OP_EQ, strlen(data2));
tt_assert(! strchr(data2, '='));
j = base64_decode_nopad((uint8_t*)data3, 1024, data2, i);
tt_int_op(j, OP_EQ, idx);
tt_mem_op(data3,OP_EQ, data1, idx);
}
strlcpy(data1, "Test string that contains 35 chars.", 1024);
@ -1264,6 +1273,8 @@ test_crypto_ed25519_simple(void *arg)
tt_int_op(0, OP_EQ, ed25519_public_key_generate(&pub2, &sec1));
tt_mem_op(pub1.pubkey, OP_EQ, pub2.pubkey, sizeof(pub1.pubkey));
tt_assert(ed25519_pubkey_eq(&pub1, &pub2));
tt_assert(ed25519_pubkey_eq(&pub1, &pub1));
memcpy(&kp1.pubkey, &pub1, sizeof(pub1));
memcpy(&kp1.seckey, &sec1, sizeof(sec1));
@ -1283,6 +1294,7 @@ test_crypto_ed25519_simple(void *arg)
/* Wrong public key doesn't work. */
tt_int_op(0, OP_EQ, ed25519_public_key_generate(&pub2, &sec2));
tt_int_op(-1, OP_EQ, ed25519_checksig(&sig2, msg, msg_len, &pub2));
tt_assert(! ed25519_pubkey_eq(&pub1, &pub2));
/* Wrong message doesn't work. */
tt_int_op(0, OP_EQ, ed25519_checksig(&sig2, msg, msg_len, &pub1));
@ -1421,9 +1433,10 @@ test_crypto_ed25519_test_vectors(void *arg)
static void
test_crypto_ed25519_encode(void *arg)
{
char buf[ED25519_BASE64_LEN+1];
char buf[ED25519_SIG_BASE64_LEN+1];
ed25519_keypair_t kp;
ed25519_public_key_t pk;
ed25519_signature_t sig1, sig2;
char *mem_op_hex_tmp = NULL;
(void) arg;
@ -1434,6 +1447,11 @@ test_crypto_ed25519_encode(void *arg)
tt_int_op(0, OP_EQ, ed25519_public_from_base64(&pk, buf));
tt_mem_op(kp.pubkey.pubkey, OP_EQ, pk.pubkey, ED25519_PUBKEY_LEN);
tt_int_op(0, OP_EQ, ed25519_sign(&sig1, (const uint8_t*)"ABC", 3, &kp));
tt_int_op(0, OP_EQ, ed25519_signature_to_base64(buf, &sig1));
tt_int_op(0, OP_EQ, ed25519_signature_from_base64(&sig2, buf));
tt_mem_op(sig1.sig, OP_EQ, sig2.sig, ED25519_SIG_LEN);
/* Test known value. */
tt_int_op(0, OP_EQ, ed25519_public_from_base64(&pk,
"lVIuIctLjbGZGU5wKMNXxXlSE3cW4kaqkqm04u6pxvM"));

View File

@ -14,15 +14,18 @@
#define NETWORKSTATUS_PRIVATE
#include "or.h"
#include "config.h"
#include "crypto_ed25519.h"
#include "directory.h"
#include "dirserv.h"
#include "dirvote.h"
#include "hibernate.h"
#include "networkstatus.h"
#include "router.h"
#include "routerkeys.h"
#include "routerlist.h"
#include "routerparse.h"
#include "test.h"
#include "torcert.h"
static void
test_dir_nicknames(void *arg)
@ -87,8 +90,11 @@ test_dir_formats(void *arg)
routerinfo_t *rp1 = NULL, *rp2 = NULL;
addr_policy_t *ex1, *ex2;
routerlist_t *dir1 = NULL, *dir2 = NULL;
uint8_t *rsa_cc = NULL;
tor_cert_t *ntor_cc = NULL;
or_options_t *options = get_options_mutable();
const addr_policy_t *p;
time_t now = time(NULL);
(void)arg;
pk1 = pk_generate(0);
@ -127,14 +133,33 @@ test_dir_formats(void *arg)
ex2->prt_min = ex2->prt_max = 24;
r2 = tor_malloc_zero(sizeof(routerinfo_t));
r2->addr = 0x0a030201u; /* 10.3.2.1 */
ed25519_keypair_t kp1, kp2;
ed25519_secret_key_from_seed(&kp1.seckey,
(const uint8_t*)"YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY");
ed25519_public_key_generate(&kp1.pubkey, &kp1.seckey);
ed25519_secret_key_from_seed(&kp2.seckey,
(const uint8_t*)"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
ed25519_public_key_generate(&kp2.pubkey, &kp2.seckey);
r2->signing_key_cert = tor_cert_create(&kp1,
CERT_TYPE_ID_SIGNING,
&kp2.pubkey,
now, 86400,
CERT_FLAG_INCLUDE_SIGNING_KEY);
char cert_buf[256];
base64_encode(cert_buf, sizeof(cert_buf),
(const char*)r2->signing_key_cert->encoded,
r2->signing_key_cert->encoded_len,
BASE64_ENCODE_MULTILINE);
r2->platform = tor_strdup(platform);
r2->cache_info.published_on = 5;
r2->or_port = 9005;
r2->dir_port = 0;
r2->onion_pkey = crypto_pk_dup_key(pk2);
r2->onion_curve25519_pkey = tor_malloc_zero(sizeof(curve25519_public_key_t));
curve25519_public_from_base64(r2->onion_curve25519_pkey,
"skyinAnvardNostarsNomoonNowindormistsorsnow");
curve25519_keypair_t r2_onion_keypair;
curve25519_keypair_generate(&r2_onion_keypair, 0);
r2->onion_curve25519_pkey = tor_memdup(&r2_onion_keypair.pubkey,
sizeof(curve25519_public_key_t));
r2->identity_pkey = crypto_pk_dup_key(pk1);
r2->bandwidthrate = r2->bandwidthburst = r2->bandwidthcapacity = 3000;
r2->exit_policy = smartlist_new();
@ -150,7 +175,7 @@ test_dir_formats(void *arg)
/* XXXX025 router_dump_to_string should really take this from ri.*/
options->ContactInfo = tor_strdup("Magri White "
"<magri@elsewhere.example.com>");
buf = router_dump_router_to_string(r1, pk2);
buf = router_dump_router_to_string(r1, pk2, NULL, NULL, NULL);
tor_free(options->ContactInfo);
tt_assert(buf);
@ -183,7 +208,7 @@ test_dir_formats(void *arg)
tt_str_op(buf,OP_EQ, buf2);
tor_free(buf);
buf = router_dump_router_to_string(r1, pk2);
buf = router_dump_router_to_string(r1, pk2, NULL, NULL, NULL);
tt_assert(buf);
cp = buf;
rp1 = router_parse_entry_from_string((const char*)cp,NULL,1,0,NULL,NULL);
@ -201,6 +226,10 @@ test_dir_formats(void *arg)
strlcpy(buf2,
"router Fred 10.3.2.1 9005 0 0\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n", sizeof(buf2));
strlcat(buf2, cert_buf, sizeof(buf2));
strlcat(buf2, "-----END ED25519 CERT-----\n"
"platform Tor "VERSION" on ", sizeof(buf2));
strlcat(buf2, get_uname(), sizeof(buf2));
strlcat(buf2, "\n"
@ -215,19 +244,52 @@ test_dir_formats(void *arg)
strlcat(buf2, pk2_str, sizeof(buf2));
strlcat(buf2, "signing-key\n", sizeof(buf2));
strlcat(buf2, pk1_str, sizeof(buf2));
strlcat(buf2, "hidden-service-dir\n", sizeof(buf2));
strlcat(buf2, "ntor-onion-key "
"skyinAnvardNostarsNomoonNowindormistsorsnow=\n", sizeof(buf2));
strlcat(buf2, "accept *:80\nreject 18.0.0.0/8:24\n", sizeof(buf2));
strlcat(buf2, "router-signature\n", sizeof(buf2));
int rsa_cc_len;
rsa_cc = make_tap_onion_key_crosscert(pk2,
&kp1.pubkey,
pk1,
&rsa_cc_len);
tt_assert(rsa_cc);
base64_encode(cert_buf, sizeof(cert_buf), (char*)rsa_cc, rsa_cc_len,
BASE64_ENCODE_MULTILINE);
strlcat(buf2, "onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n", sizeof(buf2));
strlcat(buf2, cert_buf, sizeof(buf2));
strlcat(buf2, "-----END CROSSCERT-----\n", sizeof(buf2));
int ntor_cc_sign;
ntor_cc = make_ntor_onion_key_crosscert(&r2_onion_keypair,
&kp1.pubkey,
r2->cache_info.published_on,
MIN_ONION_KEY_LIFETIME,
&ntor_cc_sign);
tt_assert(ntor_cc);
base64_encode(cert_buf, sizeof(cert_buf),
(char*)ntor_cc->encoded, ntor_cc->encoded_len,
BASE64_ENCODE_MULTILINE);
tor_snprintf(buf2+strlen(buf2), sizeof(buf2)-strlen(buf2),
"ntor-onion-key-crosscert %d\n"
"-----BEGIN ED25519 CERT-----\n"
"%s"
"-----END ED25519 CERT-----\n", ntor_cc_sign, cert_buf);
buf = router_dump_router_to_string(r2, pk1);
strlcat(buf2, "hidden-service-dir\n", sizeof(buf2));
strlcat(buf2, "ntor-onion-key ", sizeof(buf2));
base64_encode(cert_buf, sizeof(cert_buf),
(const char*)r2_onion_keypair.pubkey.public_key, 32,
BASE64_ENCODE_MULTILINE);
strlcat(buf2, cert_buf, sizeof(buf2));
strlcat(buf2, "accept *:80\nreject 18.0.0.0/8:24\n", sizeof(buf2));
strlcat(buf2, "router-sig-ed25519 ", sizeof(buf2));
buf = router_dump_router_to_string(r2, pk1, pk2, &r2_onion_keypair, &kp2);
tt_assert(buf);
buf[strlen(buf2)] = '\0'; /* Don't compare the sig; it's never the same
* twice */
tt_str_op(buf,OP_EQ, buf2);
tt_str_op(buf, OP_EQ, buf2);
tor_free(buf);
buf = router_dump_router_to_string(r2, pk1);
buf = router_dump_router_to_string(r2, pk1, NULL, NULL, NULL);
cp = buf;
rp2 = router_parse_entry_from_string((const char*)cp,NULL,1,0,NULL,NULL);
tt_assert(rp2);
@ -280,6 +342,7 @@ test_dir_formats(void *arg)
if (rp2)
routerinfo_free(rp2);
tor_free(rsa_cc);
tor_free(buf);
tor_free(pk1_str);
tor_free(pk2_str);
@ -293,7 +356,7 @@ test_dir_formats(void *arg)
#include "failing_routerdescs.inc"
static void
test_dir_routerparse_bad(void *arg)
test_dir_routerinfo_parsing(void *arg)
{
(void) arg;
@ -318,6 +381,8 @@ test_dir_routerparse_bad(void *arg)
CHECK_OK(EX_RI_MINIMAL);
CHECK_OK(EX_RI_MAXIMAL);
CHECK_OK(EX_RI_MINIMAL_ED);
/* good annotations prepended */
routerinfo_free(ri);
ri = router_parse_entry_from_string(EX_RI_MINIMAL, NULL, 0, 0,
@ -376,8 +441,28 @@ test_dir_routerparse_bad(void *arg)
CHECK_FAIL(EX_RI_BAD_FAMILY, 0);
CHECK_FAIL(EX_RI_ZERO_ORPORT, 0);
CHECK_FAIL(EX_RI_ED_MISSING_CROSSCERT, 0);
CHECK_FAIL(EX_RI_ED_MISSING_CROSSCERT2, 0);
CHECK_FAIL(EX_RI_ED_MISSING_CROSSCERT_SIGN, 0);
CHECK_FAIL(EX_RI_ED_BAD_SIG1, 0);
CHECK_FAIL(EX_RI_ED_BAD_SIG2, 0);
CHECK_FAIL(EX_RI_ED_BAD_SIG3, 0);
CHECK_FAIL(EX_RI_ED_BAD_SIG4, 0);
CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT1, 0);
CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT3, 0);
CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT4, 0);
CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT5, 0);
CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT6, 0);
CHECK_FAIL(EX_RI_ED_BAD_CROSSCERT7, 0);
CHECK_FAIL(EX_RI_ED_MISPLACED1, 0);
CHECK_FAIL(EX_RI_ED_MISPLACED2, 0);
CHECK_FAIL(EX_RI_ED_BAD_CERT1, 0);
CHECK_FAIL(EX_RI_ED_BAD_CERT2, 0);
CHECK_FAIL(EX_RI_ED_BAD_CERT3, 0);
/* This is allowed; we just ignore it. */
CHECK_OK(EX_RI_BAD_EI_DIGEST);
CHECK_OK(EX_RI_BAD_EI_DIGEST2);
#undef CHECK_FAIL
#undef CHECK_OK
@ -433,20 +518,34 @@ test_dir_extrainfo_parsing(void *arg)
tt_assert(ei->pending_sig);
CHECK_OK(EX_EI_MAXIMAL);
tt_assert(ei->pending_sig);
CHECK_OK(EX_EI_GOOD_ED_EI);
tt_assert(ei->pending_sig);
map = (struct digest_ri_map_t *)digestmap_new();
ADD(EX_EI_MINIMAL);
ADD(EX_EI_MAXIMAL);
ADD(EX_EI_GOOD_ED_EI);
ADD(EX_EI_BAD_FP);
ADD(EX_EI_BAD_NICKNAME);
ADD(EX_EI_BAD_TOKENS);
ADD(EX_EI_BAD_START);
ADD(EX_EI_BAD_PUBLISHED);
ADD(EX_EI_ED_MISSING_SIG);
ADD(EX_EI_ED_MISSING_CERT);
ADD(EX_EI_ED_BAD_CERT1);
ADD(EX_EI_ED_BAD_CERT2);
ADD(EX_EI_ED_BAD_SIG1);
ADD(EX_EI_ED_BAD_SIG2);
ADD(EX_EI_ED_MISPLACED_CERT);
ADD(EX_EI_ED_MISPLACED_SIG);
CHECK_OK(EX_EI_MINIMAL);
tt_assert(!ei->pending_sig);
CHECK_OK(EX_EI_MAXIMAL);
tt_assert(!ei->pending_sig);
CHECK_OK(EX_EI_GOOD_ED_EI);
tt_assert(!ei->pending_sig);
CHECK_FAIL(EX_EI_BAD_SIG1,1);
CHECK_FAIL(EX_EI_BAD_SIG2,1);
@ -457,6 +556,15 @@ test_dir_extrainfo_parsing(void *arg)
CHECK_FAIL(EX_EI_BAD_START,0);
CHECK_FAIL(EX_EI_BAD_PUBLISHED,0);
CHECK_FAIL(EX_EI_ED_MISSING_SIG,0);
CHECK_FAIL(EX_EI_ED_MISSING_CERT,0);
CHECK_FAIL(EX_EI_ED_BAD_CERT1,0);
CHECK_FAIL(EX_EI_ED_BAD_CERT2,0);
CHECK_FAIL(EX_EI_ED_BAD_SIG1,0);
CHECK_FAIL(EX_EI_ED_BAD_SIG2,0);
CHECK_FAIL(EX_EI_ED_MISPLACED_CERT,0);
CHECK_FAIL(EX_EI_ED_MISPLACED_SIG,0);
#undef CHECK_OK
#undef CHECK_FAIL
@ -1394,6 +1502,7 @@ generate_ri_from_rs(const vote_routerstatus_t *vrs)
static time_t published = 0;
r = tor_malloc_zero(sizeof(routerinfo_t));
r->cert_expiration_time = TIME_MAX;
memcpy(r->cache_info.identity_digest, rs->identity_digest, DIGEST_LEN);
memcpy(r->cache_info.signed_descriptor_digest, rs->descriptor_digest,
DIGEST_LEN);
@ -3108,7 +3217,7 @@ test_dir_packages(void *arg)
struct testcase_t dir_tests[] = {
DIR_LEGACY(nicknames),
DIR_LEGACY(formats),
DIR(routerparse_bad, 0),
DIR(routerinfo_parsing, 0),
DIR(extrainfo_parsing, 0),
DIR(parse_router_list, TT_FORK),
DIR(load_routers, TT_FORK),

255
src/test/test_keypin.c Normal file
View File

@ -0,0 +1,255 @@
/* Copyright (c) 2014, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
#define KEYPIN_PRIVATE
#include "or.h"
#include "keypin.h"
#include "util.h"
#include "test.h"
static void
test_keypin_parse_line(void *arg)
{
(void)arg;
keypin_ent_t *ent = NULL;
/* Good line */
ent = keypin_parse_journal_line(
"aGVyZSBpcyBhIGdvb2Qgc2hhMSE "
"VGhpcyBlZDI1NTE5IHNjb2ZmcyBhdCB0aGUgc2hhMS4");
tt_assert(ent);
tt_mem_op(ent->rsa_id, ==, "here is a good sha1!", 20);
tt_mem_op(ent->ed25519_key, ==, "This ed25519 scoffs at the sha1.", 32);
tor_free(ent); ent = NULL;
/* Good line with extra stuff we will ignore. */
ent = keypin_parse_journal_line(
"aGVyZSBpcyBhIGdvb2Qgc2hhMSE "
"VGhpcyBlZDI1NTE5IHNjb2ZmcyBhdCB0aGUgc2hhMS4helloworld");
tt_assert(ent);
tt_mem_op(ent->rsa_id, ==, "here is a good sha1!", 20);
tt_mem_op(ent->ed25519_key, ==, "This ed25519 scoffs at the sha1.", 32);
tor_free(ent); ent = NULL;
/* Bad line: no space in the middle. */
ent = keypin_parse_journal_line(
"aGVyZSBpcyBhIGdvb2Qgc2hhMSE?"
"VGhpcyBlZDI1NTE5IHNjb2ZmcyBhdCB0aGUgc2hhMS4");
tt_assert(! ent);
/* Bad line: bad base64 in RSA ID */
ent = keypin_parse_journal_line(
"aGVyZSBpcyBhIGdv!2Qgc2hhMSE "
"VGhpcyBlZDI1NTE5IHNjb2ZmcyBhdCB0aGUgc2hhMS4");
tt_assert(! ent);
/* Bad line: bad base64 in Ed25519 */
ent = keypin_parse_journal_line(
"aGVyZSBpcyBhIGdvb2Qgc2hhMSE "
"VGhpcyBlZDI1NTE5IHNjb2ZmcyB!dCB0aGUgc2hhMS4");
tt_assert(! ent);
done:
tor_free(ent);
}
static smartlist_t *mock_addent_got = NULL;
static void
mock_addent(keypin_ent_t *ent)
{
smartlist_add(mock_addent_got, ent);
keypin_add_entry_to_map__real(ent);
}
static void
test_keypin_parse_file(void *arg)
{
(void)arg;
mock_addent_got = smartlist_new();
MOCK(keypin_add_entry_to_map, mock_addent);
/* Simple, minimal, correct example. */
const char data1[] =
"PT09PT09PT09PT09PT09PT09PT0 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0\n"
"TG9yYXggaXBzdW0gZ3J1dnZ1bHU cyB0aG5lZWQgYW1ldCwgc25lcmdlbGx5IG9uY2UtbGU\n"
"ciBsZXJraW0sIHNlZCBkbyBiYXI YmFsb290IHRlbXBvciBnbHVwcGl0dXMgdXQgbGFib3I\n"
"ZSBldCB0cnVmZnVsYSBtYWduYSA YWxpcXVhLiBVdCBlbmltIGFkIGdyaWNrbGUtZ3Jhc3M\n"
"dmVuaWFtLCBxdWlzIG1pZmYtbXU ZmZlcmVkIGdhLXp1bXBjbyBsYWJvcmlzIG5pc2kgdXQ\n"
"Y3J1ZmZ1bHVzIGV4IGVhIHNjaGw b3BwaXR5IGNvbnNlcXVhdC4gRHVpcyBhdXRlIHNuYXI\n"
"Z2dsZSBpbiBzd29tZWVzd2FucyA aW4gdm9sdXB0YXRlIGF4ZS1oYWNrZXIgZXNzZSByaXA\n"
"cHVsdXMgY3J1bW1paSBldSBtb28 ZiBudWxsYSBzbnV2di5QTFVHSFBMT1ZFUlhZWlpZLi4\n";
tt_int_op(0, ==, keypin_load_journal_impl(data1, strlen(data1)));
tt_int_op(8, ==, smartlist_len(mock_addent_got));
keypin_ent_t *ent = smartlist_get(mock_addent_got, 2);
tt_mem_op(ent->rsa_id, ==, "r lerkim, sed do bar", 20);
tt_mem_op(ent->ed25519_key, ==, "baloot tempor gluppitus ut labor", 32);
/* More complex example: weird lines, bogus lines,
duplicate/conflicting lines */
const char data2[] =
"PT09PT09PT09PT09PT09PT09PT0 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0\n"
"# This is a comment.\n"
" \n"
"QXQgdGhlIGVuZCBvZiB0aGUgeWU YXIgS3VycmVta2FybWVycnVrIHNhaWQgdG8gaGltLCA\n"
"IllvdSBoYXZlIG1hZGUgYSBnb28 ZCBiZWdpbm5pbmcuIiBCdXQgbm8gbW9yZS4gV2l6YXI\n"
"\n"
"ZHMgc3BlYWsgdHJ1dGgsIGFuZCA aXQgd2FzIHRydWUgdGhhdCBhbGwgdGhlIG1hc3Rlcgo\n"
"@reserved for a future extension \n"
"eSBvZiBOYW1lcyB0aGF0IEdlZCA aGFkIHRvaWxlZCbyB3aW4gdGhhdCB5ZWFyIHdhcyA\n"
"eSBvZiBOYW1lcyB0aGF0IEdlZCA aGFkIHRvaWxlZCbyB3aW4gdGhhdCB5ZWFyIHdhcy"
"A line too long\n"
"dGhlIG1lcmUgc3RhcnQgb2Ygd2g YXQgaGUgbXVzdCBnbyBvb!BsZWFybmluZy4uLi4uLi4\n"
"ZHMgc3BlYWsgdaJ1dGgsIGFuZCA aXQgd2FzIHRydWUgdGhhdCBhbGwgdGhlIG1hc3Rlcgo\n"
"ZHMgc3BlYWsgdHJ1dGgsIGFuZCA aXQgd2FzIHRydaUgdGhhdCBhbGwgdGhlIG1hc3Rlcgo\n"
;
tt_int_op(0, ==, keypin_load_journal_impl(data2, strlen(data2)));
tt_int_op(11, ==, smartlist_len(mock_addent_got));
ent = smartlist_get(mock_addent_got, 9);
tt_mem_op(ent->rsa_id, ==, "\"You have made a goo", 20);
tt_mem_op(ent->ed25519_key, ==, "d beginning.\" But no more. Wizar", 32);
ent = smartlist_get(mock_addent_got, 10);
tt_mem_op(ent->rsa_id, ==, "ds speak truth, and ", 20);
tt_mem_op(ent->ed25519_key, ==, "it was true that all the master\n", 32);
/* File truncated before NL */
const char data3[] =
"Tm8gZHJhZ29uIGNhbiByZXNpc3Q IHRoZSBmYXNjaW5hdGlvbiBvZiByaWRkbGluZyB0YWw";
tt_int_op(0, ==, keypin_load_journal_impl(data3, strlen(data3)));
tt_int_op(12, ==, smartlist_len(mock_addent_got));
ent = smartlist_get(mock_addent_got, 11);
tt_mem_op(ent->rsa_id, ==, "No dragon can resist", 20);
tt_mem_op(ent->ed25519_key, ==, " the fascination of riddling tal", 32);
done:
keypin_clear();
smartlist_free(mock_addent_got);
}
#define ADD(a,b) keypin_check_and_add((const uint8_t*)(a),(const uint8_t*)(b))
#define LONE_RSA(a) keypin_check_lone_rsa((const uint8_t*)(a))
static void
test_keypin_add_entry(void *arg)
{
(void)arg;
keypin_clear();
tt_int_op(KEYPIN_ADDED, ==, ADD("ambassadors-at-large",
"bread-and-butter thing-in-itself"));
tt_int_op(KEYPIN_ADDED, ==, ADD("gentleman-adventurer",
"cloak-and-dagger what's-his-face"));
tt_int_op(KEYPIN_FOUND, ==, ADD("ambassadors-at-large",
"bread-and-butter thing-in-itself"));
tt_int_op(KEYPIN_FOUND, ==, ADD("ambassadors-at-large",
"bread-and-butter thing-in-itself"));
tt_int_op(KEYPIN_FOUND, ==, ADD("gentleman-adventurer",
"cloak-and-dagger what's-his-face"));
tt_int_op(KEYPIN_ADDED, ==, ADD("Johnnies-come-lately",
"run-of-the-mill root-mean-square"));
tt_int_op(KEYPIN_MISMATCH, ==, ADD("gentleman-adventurer",
"hypersentimental closefistedness"));
tt_int_op(KEYPIN_MISMATCH, ==, ADD("disestablismentarian",
"cloak-and-dagger what's-his-face"));
tt_int_op(KEYPIN_FOUND, ==, ADD("gentleman-adventurer",
"cloak-and-dagger what's-his-face"));
tt_int_op(KEYPIN_NOT_FOUND, ==, LONE_RSA("Llanfairpwllgwyngyll"));
tt_int_op(KEYPIN_MISMATCH, ==, LONE_RSA("Johnnies-come-lately"));
done:
keypin_clear();
}
static void
test_keypin_journal(void *arg)
{
(void)arg;
char *contents = NULL;
const char *fname = get_fname("keypin-journal");
tt_int_op(0, ==, keypin_load_journal(fname)); /* ENOENT is okay */
update_approx_time(1217709000);
tt_int_op(0, ==, keypin_open_journal(fname));
tt_int_op(KEYPIN_ADDED, ==, ADD("king-of-the-herrings",
"good-for-nothing attorney-at-law"));
tt_int_op(KEYPIN_ADDED, ==, ADD("yellowish-red-yellow",
"salt-and-pepper high-muck-a-muck"));
tt_int_op(KEYPIN_FOUND, ==, ADD("yellowish-red-yellow",
"salt-and-pepper high-muck-a-muck"));
keypin_close_journal();
keypin_clear();
tt_int_op(0, ==, keypin_load_journal(fname));
update_approx_time(1231041600);
tt_int_op(0, ==, keypin_open_journal(fname));
tt_int_op(KEYPIN_FOUND, ==, ADD("yellowish-red-yellow",
"salt-and-pepper high-muck-a-muck"));
tt_int_op(KEYPIN_ADDED, ==, ADD("theatre-in-the-round",
"holier-than-thou jack-in-the-box"));
tt_int_op(KEYPIN_ADDED, ==, ADD("no-deposit-no-return",
"across-the-board will-o-the-wisp"));
tt_int_op(KEYPIN_MISMATCH, ==, ADD("intellectualizations",
"salt-and-pepper high-muck-a-muck"));
keypin_close_journal();
keypin_clear();
tt_int_op(0, ==, keypin_load_journal(fname));
update_approx_time(1412278354);
tt_int_op(0, ==, keypin_open_journal(fname));
tt_int_op(KEYPIN_FOUND, ==, ADD("yellowish-red-yellow",
"salt-and-pepper high-muck-a-muck"));
tt_int_op(KEYPIN_MISMATCH, ==, ADD("intellectualizations",
"salt-and-pepper high-muck-a-muck"));
tt_int_op(KEYPIN_FOUND, ==, ADD("theatre-in-the-round",
"holier-than-thou jack-in-the-box"));
tt_int_op(KEYPIN_MISMATCH, ==, ADD("counterrevolutionary",
"holier-than-thou jack-in-the-box"));
tt_int_op(KEYPIN_MISMATCH, ==, ADD("no-deposit-no-return",
"floccinaucinihilipilificationism"));
keypin_close_journal();
contents = read_file_to_str(fname, RFTS_BIN, NULL);
tt_assert(contents);
tt_str_op(contents,==,
"\n"
"@opened-at 2008-08-02 20:30:00\n"
"a2luZy1vZi10aGUtaGVycmluZ3M Z29vZC1mb3Itbm90aGluZyBhdHRvcm5leS1hdC1sYXc\n"
"eWVsbG93aXNoLXJlZC15ZWxsb3c c2FsdC1hbmQtcGVwcGVyIGhpZ2gtbXVjay1hLW11Y2s\n"
"\n"
"@opened-at 2009-01-04 04:00:00\n"
"dGhlYXRyZS1pbi10aGUtcm91bmQ aG9saWVyLXRoYW4tdGhvdSBqYWNrLWluLXRoZS1ib3g\n"
"bm8tZGVwb3NpdC1uby1yZXR1cm4 YWNyb3NzLXRoZS1ib2FyZCB3aWxsLW8tdGhlLXdpc3A\n"
"\n"
"@opened-at 2014-10-02 19:32:34\n");
done:
tor_free(contents);
keypin_clear();
}
#undef ADD
#undef LONE_RSA
#define TEST(name, flags) \
{ #name , test_keypin_ ## name, (flags), NULL, NULL }
struct testcase_t keypin_tests[] = {
TEST( parse_line, 0 ),
TEST( parse_file, TT_FORK ),
TEST( add_entry, TT_FORK ),
TEST( journal, TT_FORK ),
END_OF_TESTCASES
};

View File

@ -0,0 +1,914 @@
/* Copyright (c) 2014, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#include "orconfig.h"
#define CHANNELTLS_PRIVATE
#define CONNECTION_PRIVATE
#define TOR_CHANNEL_INTERNAL_
#include "or.h"
#include "config.h"
#include "connection.h"
#include "connection_or.h"
#include "channeltls.h"
#include "link_handshake.h"
#include "scheduler.h"
#include "test.h"
var_cell_t *mock_got_var_cell = NULL;
static void
mock_write_var_cell(const var_cell_t *vc, or_connection_t *conn)
{
(void)conn;
var_cell_t *newcell = var_cell_new(vc->payload_len);
memcpy(newcell, vc, sizeof(var_cell_t));
memcpy(newcell->payload, vc->payload, vc->payload_len);
mock_got_var_cell = newcell;
}
static int
mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
{
(void) tls;
(void) cert; // XXXX look at this.
return 1;
}
static int mock_send_netinfo_called = 0;
static int
mock_send_netinfo(or_connection_t *conn)
{
(void) conn;
++mock_send_netinfo_called;// XXX check_this
return 0;
}
static int mock_close_called = 0;
static void
mock_close_for_err(or_connection_t *orconn, int flush)
{
(void)orconn;
(void)flush;
++mock_close_called;
}
static int mock_send_authenticate_called = 0;
static int
mock_send_authenticate(or_connection_t *conn, int type)
{
(void) conn;
(void) type;
++mock_send_authenticate_called;// XXX check_this
return 0;
}
/* Test good certs cells */
static void
test_link_handshake_certs_ok(void *arg)
{
(void) arg;
or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
or_connection_t *c2 = or_connection_new(CONN_TYPE_OR, AF_INET);
var_cell_t *cell1 = NULL, *cell2 = NULL;
certs_cell_t *cc1 = NULL, *cc2 = NULL;
channel_tls_t *chan1 = NULL, *chan2 = NULL;
crypto_pk_t *key1 = NULL, *key2 = NULL;
scheduler_init();
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
MOCK(connection_or_send_netinfo, mock_send_netinfo);
key1 = pk_generate(2);
key2 = pk_generate(3);
/* We need to make sure that our TLS certificates are set up before we can
* actually generate a CERTS cell.
*/
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
key1, key2, 86400), ==, 0);
c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
c1->link_proto = 3;
tt_int_op(connection_init_or_handshake_state(c1, 1), ==, 0);
c2->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
c2->link_proto = 3;
tt_int_op(connection_init_or_handshake_state(c2, 0), ==, 0);
tt_int_op(0, ==, connection_or_send_certs_cell(c1));
tt_assert(mock_got_var_cell);
cell1 = mock_got_var_cell;
tt_int_op(0, ==, connection_or_send_certs_cell(c2));
tt_assert(mock_got_var_cell);
cell2 = mock_got_var_cell;
tt_int_op(cell1->command, ==, CELL_CERTS);
tt_int_op(cell1->payload_len, >, 1);
tt_int_op(cell2->command, ==, CELL_CERTS);
tt_int_op(cell2->payload_len, >, 1);
tt_int_op(cell1->payload_len, ==,
certs_cell_parse(&cc1, cell1->payload, cell1->payload_len));
tt_int_op(cell2->payload_len, ==,
certs_cell_parse(&cc2, cell2->payload, cell2->payload_len));
tt_int_op(2, ==, cc1->n_certs);
tt_int_op(2, ==, cc2->n_certs);
tt_int_op(certs_cell_get_certs(cc1, 0)->cert_type, ==,
CERTTYPE_RSA1024_ID_AUTH);
tt_int_op(certs_cell_get_certs(cc1, 1)->cert_type, ==,
CERTTYPE_RSA1024_ID_ID);
tt_int_op(certs_cell_get_certs(cc2, 0)->cert_type, ==,
CERTTYPE_RSA1024_ID_LINK);
tt_int_op(certs_cell_get_certs(cc2, 1)->cert_type, ==,
CERTTYPE_RSA1024_ID_ID);
chan1 = tor_malloc_zero(sizeof(*chan1));
channel_tls_common_init(chan1);
c1->chan = chan1;
chan1->conn = c1;
c1->base_.address = tor_strdup("C1");
c1->tls = tor_tls_new(-1, 0);
c1->link_proto = 4;
c1->base_.conn_array_index = -1;
crypto_pk_get_digest(key2, c1->identity_digest);
channel_tls_process_certs_cell(cell2, chan1);
tt_assert(c1->handshake_state->received_certs_cell);
tt_assert(c1->handshake_state->auth_cert == NULL);
tt_assert(c1->handshake_state->id_cert);
tt_assert(! tor_mem_is_zero(
(char*)c1->handshake_state->authenticated_peer_id, 20));
chan2 = tor_malloc_zero(sizeof(*chan2));
channel_tls_common_init(chan2);
c2->chan = chan2;
chan2->conn = c2;
c2->base_.address = tor_strdup("C2");
c2->tls = tor_tls_new(-1, 1);
c2->link_proto = 4;
c2->base_.conn_array_index = -1;
crypto_pk_get_digest(key1, c2->identity_digest);
channel_tls_process_certs_cell(cell1, chan2);
tt_assert(c2->handshake_state->received_certs_cell);
tt_assert(c2->handshake_state->auth_cert);
tt_assert(c2->handshake_state->id_cert);
tt_assert(tor_mem_is_zero(
(char*)c2->handshake_state->authenticated_peer_id, 20));
done:
UNMOCK(tor_tls_cert_matches_key);
UNMOCK(connection_or_write_var_cell_to_buf);
UNMOCK(connection_or_send_netinfo);
connection_free_(TO_CONN(c1));
connection_free_(TO_CONN(c2));
tor_free(cell1);
tor_free(cell2);
certs_cell_free(cc1);
certs_cell_free(cc2);
circuitmux_free(chan1->base_.cmux);
tor_free(chan1);
circuitmux_free(chan2->base_.cmux);
tor_free(chan2);
crypto_pk_free(key1);
crypto_pk_free(key2);
}
typedef struct certs_data_s {
or_connection_t *c;
channel_tls_t *chan;
certs_cell_t *ccell;
var_cell_t *cell;
crypto_pk_t *key1, *key2;
} certs_data_t;
static int
recv_certs_cleanup(const struct testcase_t *test, void *obj)
{
(void)test;
certs_data_t *d = obj;
UNMOCK(tor_tls_cert_matches_key);
UNMOCK(connection_or_send_netinfo);
UNMOCK(connection_or_close_for_error);
if (d) {
tor_free(d->cell);
certs_cell_free(d->ccell);
connection_free_(TO_CONN(d->c));
circuitmux_free(d->chan->base_.cmux);
tor_free(d->chan);
crypto_pk_free(d->key1);
crypto_pk_free(d->key2);
tor_free(d);
}
return 1;
}
static void *
recv_certs_setup(const struct testcase_t *test)
{
(void)test;
certs_data_t *d = tor_malloc_zero(sizeof(*d));
certs_cell_cert_t *ccc1 = NULL;
certs_cell_cert_t *ccc2 = NULL;
ssize_t n;
d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
d->chan = tor_malloc_zero(sizeof(*d->chan));
d->c->chan = d->chan;
d->c->base_.address = tor_strdup("HaveAnAddress");
d->c->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
d->chan->conn = d->c;
tt_int_op(connection_init_or_handshake_state(d->c, 1), ==, 0);
d->c->link_proto = 4;
d->key1 = pk_generate(2);
d->key2 = pk_generate(3);
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
d->key1, d->key2, 86400), ==, 0);
d->ccell = certs_cell_new();
ccc1 = certs_cell_cert_new();
certs_cell_add_certs(d->ccell, ccc1);
ccc2 = certs_cell_cert_new();
certs_cell_add_certs(d->ccell, ccc2);
d->ccell->n_certs = 2;
ccc1->cert_type = 1;
ccc2->cert_type = 2;
const tor_x509_cert_t *a,*b;
const uint8_t *enca, *encb;
size_t lena, lenb;
tor_tls_get_my_certs(1, &a, &b);
tor_x509_cert_get_der(a, &enca, &lena);
tor_x509_cert_get_der(b, &encb, &lenb);
certs_cell_cert_setlen_body(ccc1, lena);
ccc1->cert_len = lena;
certs_cell_cert_setlen_body(ccc2, lenb);
ccc2->cert_len = lenb;
memcpy(certs_cell_cert_getarray_body(ccc1), enca, lena);
memcpy(certs_cell_cert_getarray_body(ccc2), encb, lenb);
d->cell = var_cell_new(4096);
d->cell->command = CELL_CERTS;
n = certs_cell_encode(d->cell->payload, 4096, d->ccell);
tt_int_op(n, >, 0);
d->cell->payload_len = n;
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
MOCK(connection_or_send_netinfo, mock_send_netinfo);
MOCK(connection_or_close_for_error, mock_close_for_err);
tt_int_op(0, ==, d->c->handshake_state->received_certs_cell);
tt_int_op(0, ==, mock_send_authenticate_called);
tt_int_op(0, ==, mock_send_netinfo_called);
return d;
done:
recv_certs_cleanup(test, d);
return NULL;
}
static struct testcase_setup_t setup_recv_certs = {
.setup_fn = recv_certs_setup,
.cleanup_fn = recv_certs_cleanup
};
static void
test_link_handshake_recv_certs_ok(void *arg)
{
certs_data_t *d = arg;
channel_tls_process_certs_cell(d->cell, d->chan);
tt_int_op(0, ==, mock_close_called);
tt_int_op(d->c->handshake_state->authenticated, ==, 1);
tt_int_op(d->c->handshake_state->received_certs_cell, ==, 1);
tt_assert(d->c->handshake_state->id_cert != NULL);
tt_assert(d->c->handshake_state->auth_cert == NULL);
done:
;
}
static void
test_link_handshake_recv_certs_ok_server(void *arg)
{
certs_data_t *d = arg;
d->c->handshake_state->started_here = 0;
certs_cell_get_certs(d->ccell, 0)->cert_type = 3;
certs_cell_get_certs(d->ccell, 1)->cert_type = 2;
ssize_t n = certs_cell_encode(d->cell->payload, 2048, d->ccell);
tt_int_op(n, >, 0);
d->cell->payload_len = n;
channel_tls_process_certs_cell(d->cell, d->chan);
tt_int_op(0, ==, mock_close_called);
tt_int_op(d->c->handshake_state->authenticated, ==, 0);
tt_int_op(d->c->handshake_state->received_certs_cell, ==, 1);
tt_assert(d->c->handshake_state->id_cert != NULL);
tt_assert(d->c->handshake_state->auth_cert != NULL);
done:
;
}
#define CERTS_FAIL(name, code) \
static void \
test_link_handshake_recv_certs_ ## name (void *arg) \
{ \
certs_data_t *d = arg; \
{ code ; } \
channel_tls_process_certs_cell(d->cell, d->chan); \
tt_int_op(1, ==, mock_close_called); \
tt_int_op(0, ==, mock_send_authenticate_called); \
tt_int_op(0, ==, mock_send_netinfo_called); \
done: \
; \
}
CERTS_FAIL(badstate, d->c->base_.state = OR_CONN_STATE_CONNECTING)
CERTS_FAIL(badproto, d->c->link_proto = 2)
CERTS_FAIL(duplicate, d->c->handshake_state->received_certs_cell = 1)
CERTS_FAIL(already_authenticated,
d->c->handshake_state->authenticated = 1)
CERTS_FAIL(empty, d->cell->payload_len = 0)
CERTS_FAIL(bad_circid, d->cell->circ_id = 1)
CERTS_FAIL(truncated_1, d->cell->payload[0] = 5)
CERTS_FAIL(truncated_2, {
d->cell->payload_len = 4;
memcpy(d->cell->payload, "\x01\x01\x00\x05", 4);})
CERTS_FAIL(truncated_3, {
d->cell->payload_len = 7;
memcpy(d->cell->payload, "\x01\x01\x00\x05""abc", 7);})
#define REENCODE() do { \
ssize_t n = certs_cell_encode(d->cell->payload, 4096, d->ccell); \
tt_int_op(n, >, 0); \
d->cell->payload_len = n; \
} while (0)
CERTS_FAIL(not_x509, {
certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 0), 3);
certs_cell_get_certs(d->ccell, 0)->cert_len = 3;
REENCODE();
})
CERTS_FAIL(both_link, {
certs_cell_get_certs(d->ccell, 0)->cert_type = 1;
certs_cell_get_certs(d->ccell, 1)->cert_type = 1;
REENCODE();
})
CERTS_FAIL(both_id_rsa, {
certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
certs_cell_get_certs(d->ccell, 1)->cert_type = 2;
REENCODE();
})
CERTS_FAIL(both_auth, {
certs_cell_get_certs(d->ccell, 0)->cert_type = 3;
certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
REENCODE();
})
CERTS_FAIL(wrong_labels_1, {
certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
certs_cell_get_certs(d->ccell, 1)->cert_type = 1;
REENCODE();
})
CERTS_FAIL(wrong_labels_2, {
const tor_x509_cert_t *a;
const tor_x509_cert_t *b;
const uint8_t *enca;
size_t lena;
tor_tls_get_my_certs(1, &a, &b);
tor_x509_cert_get_der(a, &enca, &lena);
certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 1), lena);
memcpy(certs_cell_cert_getarray_body(certs_cell_get_certs(d->ccell, 1)),
enca, lena);
certs_cell_get_certs(d->ccell, 1)->cert_len = lena;
REENCODE();
})
CERTS_FAIL(wrong_labels_3, {
certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
REENCODE();
})
CERTS_FAIL(server_missing_certs, {
d->c->handshake_state->started_here = 0;
})
CERTS_FAIL(server_wrong_labels_1, {
d->c->handshake_state->started_here = 0;
certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
REENCODE();
})
static void
test_link_handshake_send_authchallenge(void *arg)
{
(void)arg;
or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
var_cell_t *cell1=NULL, *cell2=NULL;
MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
tt_int_op(connection_init_or_handshake_state(c1, 0), ==, 0);
c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
tt_assert(! mock_got_var_cell);
tt_int_op(0, ==, connection_or_send_auth_challenge_cell(c1));
cell1 = mock_got_var_cell;
tt_int_op(0, ==, connection_or_send_auth_challenge_cell(c1));
cell2 = mock_got_var_cell;
tt_int_op(36, ==, cell1->payload_len);
tt_int_op(36, ==, cell2->payload_len);
tt_int_op(0, ==, cell1->circ_id);
tt_int_op(0, ==, cell2->circ_id);
tt_int_op(CELL_AUTH_CHALLENGE, ==, cell1->command);
tt_int_op(CELL_AUTH_CHALLENGE, ==, cell2->command);
tt_mem_op("\x00\x01\x00\x01", ==, cell1->payload + 32, 4);
tt_mem_op("\x00\x01\x00\x01", ==, cell2->payload + 32, 4);
tt_mem_op(cell1->payload, !=, cell2->payload, 32);
done:
UNMOCK(connection_or_write_var_cell_to_buf);
connection_free_(TO_CONN(c1));
tor_free(cell1);
tor_free(cell2);
}
typedef struct authchallenge_data_s {
or_connection_t *c;
channel_tls_t *chan;
var_cell_t *cell;
} authchallenge_data_t;
static int
recv_authchallenge_cleanup(const struct testcase_t *test, void *obj)
{
(void)test;
authchallenge_data_t *d = obj;
UNMOCK(connection_or_send_netinfo);
UNMOCK(connection_or_close_for_error);
UNMOCK(connection_or_send_authenticate_cell);
if (d) {
tor_free(d->cell);
connection_free_(TO_CONN(d->c));
circuitmux_free(d->chan->base_.cmux);
tor_free(d->chan);
tor_free(d);
}
return 1;
}
static void *
recv_authchallenge_setup(const struct testcase_t *test)
{
(void)test;
authchallenge_data_t *d = tor_malloc_zero(sizeof(*d));
d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
d->chan = tor_malloc_zero(sizeof(*d->chan));
d->c->chan = d->chan;
d->c->base_.address = tor_strdup("HaveAnAddress");
d->c->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
d->chan->conn = d->c;
tt_int_op(connection_init_or_handshake_state(d->c, 1), ==, 0);
d->c->link_proto = 4;
d->c->handshake_state->received_certs_cell = 1;
d->cell = var_cell_new(128);
d->cell->payload_len = 38;
d->cell->payload[33] = 2;
d->cell->payload[35] = 7;
d->cell->payload[37] = 1;
d->cell->command = CELL_AUTH_CHALLENGE;
get_options_mutable()->ORPort_set = 1;
MOCK(connection_or_close_for_error, mock_close_for_err);
MOCK(connection_or_send_netinfo, mock_send_netinfo);
MOCK(connection_or_send_authenticate_cell, mock_send_authenticate);
tt_int_op(0, ==, d->c->handshake_state->received_auth_challenge);
tt_int_op(0, ==, mock_send_authenticate_called);
tt_int_op(0, ==, mock_send_netinfo_called);
return d;
done:
recv_authchallenge_cleanup(test, d);
return NULL;
}
static struct testcase_setup_t setup_recv_authchallenge = {
.setup_fn = recv_authchallenge_setup,
.cleanup_fn = recv_authchallenge_cleanup
};
static void
test_link_handshake_recv_authchallenge_ok(void *arg)
{
authchallenge_data_t *d = arg;
channel_tls_process_auth_challenge_cell(d->cell, d->chan);
tt_int_op(0, ==, mock_close_called);
tt_int_op(1, ==, d->c->handshake_state->received_auth_challenge);
tt_int_op(1, ==, mock_send_authenticate_called);
tt_int_op(1, ==, mock_send_netinfo_called);
done:
;
}
static void
test_link_handshake_recv_authchallenge_ok_noserver(void *arg)
{
authchallenge_data_t *d = arg;
get_options_mutable()->ORPort_set = 0;
channel_tls_process_auth_challenge_cell(d->cell, d->chan);
tt_int_op(0, ==, mock_close_called);
tt_int_op(1, ==, d->c->handshake_state->received_auth_challenge);
tt_int_op(0, ==, mock_send_authenticate_called);
tt_int_op(0, ==, mock_send_netinfo_called);
done:
;
}
static void
test_link_handshake_recv_authchallenge_ok_unrecognized(void *arg)
{
authchallenge_data_t *d = arg;
d->cell->payload[37] = 99;
channel_tls_process_auth_challenge_cell(d->cell, d->chan);
tt_int_op(0, ==, mock_close_called);
tt_int_op(1, ==, d->c->handshake_state->received_auth_challenge);
tt_int_op(0, ==, mock_send_authenticate_called);
tt_int_op(1, ==, mock_send_netinfo_called);
done:
;
}
#define AUTHCHALLENGE_FAIL(name, code) \
static void \
test_link_handshake_recv_authchallenge_ ## name (void *arg) \
{ \
authchallenge_data_t *d = arg; \
{ code ; } \
channel_tls_process_auth_challenge_cell(d->cell, d->chan); \
tt_int_op(1, ==, mock_close_called); \
tt_int_op(0, ==, mock_send_authenticate_called); \
tt_int_op(0, ==, mock_send_netinfo_called); \
done: \
; \
}
AUTHCHALLENGE_FAIL(badstate,
d->c->base_.state = OR_CONN_STATE_CONNECTING)
AUTHCHALLENGE_FAIL(badproto,
d->c->link_proto = 2)
AUTHCHALLENGE_FAIL(as_server,
d->c->handshake_state->started_here = 0;)
AUTHCHALLENGE_FAIL(duplicate,
d->c->handshake_state->received_auth_challenge = 1)
AUTHCHALLENGE_FAIL(nocerts,
d->c->handshake_state->received_certs_cell = 0)
AUTHCHALLENGE_FAIL(tooshort,
d->cell->payload_len = 33)
AUTHCHALLENGE_FAIL(truncated,
d->cell->payload_len = 34)
AUTHCHALLENGE_FAIL(nonzero_circid,
d->cell->circ_id = 1337)
static tor_x509_cert_t *mock_peer_cert = NULL;
static tor_x509_cert_t *
mock_get_peer_cert(tor_tls_t *tls)
{
(void)tls;
return mock_peer_cert;
}
static int
mock_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
{
(void)tls;
memcpy(secrets_out, "int getRandomNumber(){return 4;}", 32);
return 0;
}
static void
mock_set_circid_type(channel_t *chan,
crypto_pk_t *identity_rcvd,
int consider_identity)
{
(void) chan;
(void) identity_rcvd;
(void) consider_identity;
}
typedef struct authenticate_data_s {
or_connection_t *c1, *c2;
channel_tls_t *chan2;
var_cell_t *cell;
crypto_pk_t *key1, *key2;
} authenticate_data_t;
static int
authenticate_data_cleanup(const struct testcase_t *test, void *arg)
{
(void) test;
UNMOCK(connection_or_write_var_cell_to_buf);
UNMOCK(tor_tls_get_peer_cert);
UNMOCK(tor_tls_get_tlssecrets);
UNMOCK(connection_or_close_for_error);
UNMOCK(channel_set_circid_type);
authenticate_data_t *d = arg;
if (d) {
tor_free(d->cell);
connection_free_(TO_CONN(d->c1));
connection_free_(TO_CONN(d->c2));
circuitmux_free(d->chan2->base_.cmux);
tor_free(d->chan2);
crypto_pk_free(d->key1);
crypto_pk_free(d->key2);
tor_free(d);
}
mock_peer_cert = NULL;
return 1;
}
static void *
authenticate_data_setup(const struct testcase_t *test)
{
authenticate_data_t *d = tor_malloc_zero(sizeof(*d));
scheduler_init();
MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
MOCK(tor_tls_get_peer_cert, mock_get_peer_cert);
MOCK(tor_tls_get_tlssecrets, mock_get_tlssecrets);
MOCK(connection_or_close_for_error, mock_close_for_err);
MOCK(channel_set_circid_type, mock_set_circid_type);
d->c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
d->c2 = or_connection_new(CONN_TYPE_OR, AF_INET);
d->key1 = pk_generate(2);
d->key2 = pk_generate(3);
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
d->key1, d->key2, 86400), ==, 0);
d->c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
d->c1->link_proto = 3;
tt_int_op(connection_init_or_handshake_state(d->c1, 1), ==, 0);
d->c2->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
d->c2->link_proto = 3;
tt_int_op(connection_init_or_handshake_state(d->c2, 0), ==, 0);
var_cell_t *cell = var_cell_new(16);
cell->command = CELL_CERTS;
or_handshake_state_record_var_cell(d->c1, d->c1->handshake_state, cell, 1);
or_handshake_state_record_var_cell(d->c2, d->c2->handshake_state, cell, 0);
memset(cell->payload, 0xf0, 16);
or_handshake_state_record_var_cell(d->c1, d->c1->handshake_state, cell, 0);
or_handshake_state_record_var_cell(d->c2, d->c2->handshake_state, cell, 1);
tor_free(cell);
d->chan2 = tor_malloc_zero(sizeof(*d->chan2));
channel_tls_common_init(d->chan2);
d->c2->chan = d->chan2;
d->chan2->conn = d->c2;
d->c2->base_.address = tor_strdup("C2");
d->c2->tls = tor_tls_new(-1, 1);
d->c2->handshake_state->received_certs_cell = 1;
const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL, *auth_cert=NULL;
tt_assert(! tor_tls_get_my_certs(1, &link_cert, &id_cert));
const uint8_t *der;
size_t sz;
tor_x509_cert_get_der(id_cert, &der, &sz);
d->c1->handshake_state->id_cert = tor_x509_cert_decode(der, sz);
d->c2->handshake_state->id_cert = tor_x509_cert_decode(der, sz);
tor_x509_cert_get_der(link_cert, &der, &sz);
mock_peer_cert = tor_x509_cert_decode(der, sz);
tt_assert(mock_peer_cert);
tt_assert(! tor_tls_get_my_certs(0, &auth_cert, &id_cert));
tor_x509_cert_get_der(auth_cert, &der, &sz);
d->c2->handshake_state->auth_cert = tor_x509_cert_decode(der, sz);
/* Make an authenticate cell ... */
tt_int_op(0, ==, connection_or_send_authenticate_cell(d->c1,
AUTHTYPE_RSA_SHA256_TLSSECRET));
tt_assert(mock_got_var_cell);
d->cell = mock_got_var_cell;
mock_got_var_cell = NULL;
return d;
done:
authenticate_data_cleanup(test, d);
return NULL;
}
static struct testcase_setup_t setup_authenticate = {
.setup_fn = authenticate_data_setup,
.cleanup_fn = authenticate_data_cleanup
};
static void
test_link_handshake_auth_cell(void *arg)
{
authenticate_data_t *d = arg;
auth1_t *auth1 = NULL;
crypto_pk_t *auth_pubkey = NULL;
/* Is the cell well-formed on the outer layer? */
tt_int_op(d->cell->command, ==, CELL_AUTHENTICATE);
tt_int_op(d->cell->payload[0], ==, 0);
tt_int_op(d->cell->payload[1], ==, 1);
tt_int_op(ntohs(get_uint16(d->cell->payload + 2)), ==,
d->cell->payload_len - 4);
/* Check it out for plausibility... */
auth_ctx_t ctx;
ctx.is_ed = 0;
tt_int_op(d->cell->payload_len-4, ==, auth1_parse(&auth1,
d->cell->payload+4,
d->cell->payload_len - 4, &ctx));
tt_assert(auth1);
tt_mem_op(auth1->type, ==, "AUTH0001", 8);
tt_mem_op(auth1->tlssecrets, ==, "int getRandomNumber(){return 4;}", 32);
tt_int_op(auth1_getlen_sig(auth1), >, 120);
/* Is the signature okay? */
uint8_t sig[128];
uint8_t digest[32];
auth_pubkey = tor_tls_cert_get_key(d->c2->handshake_state->auth_cert);
int n = crypto_pk_public_checksig(
auth_pubkey,
(char*)sig, sizeof(sig), (char*)auth1_getarray_sig(auth1),
auth1_getlen_sig(auth1));
tt_int_op(n, ==, 32);
const uint8_t *start = d->cell->payload+4, *end = auth1->end_of_signed;
crypto_digest256((char*)digest,
(const char*)start, end-start, DIGEST_SHA256);
tt_mem_op(sig, ==, digest, 32);
/* Then feed it to c2. */
tt_int_op(d->c2->handshake_state->authenticated, ==, 0);
channel_tls_process_authenticate_cell(d->cell, d->chan2);
tt_int_op(mock_close_called, ==, 0);
tt_int_op(d->c2->handshake_state->authenticated, ==, 1);
done:
auth1_free(auth1);
crypto_pk_free(auth_pubkey);
}
#define AUTHENTICATE_FAIL(name, code) \
static void \
test_link_handshake_auth_ ## name (void *arg) \
{ \
authenticate_data_t *d = arg; \
{ code ; } \
tt_int_op(d->c2->handshake_state->authenticated, ==, 0); \
channel_tls_process_authenticate_cell(d->cell, d->chan2); \
tt_int_op(mock_close_called, ==, 1); \
tt_int_op(d->c2->handshake_state->authenticated, ==, 0); \
done: \
; \
}
AUTHENTICATE_FAIL(badstate,
d->c2->base_.state = OR_CONN_STATE_CONNECTING)
AUTHENTICATE_FAIL(badproto,
d->c2->link_proto = 2)
AUTHENTICATE_FAIL(atclient,
d->c2->handshake_state->started_here = 1)
AUTHENTICATE_FAIL(duplicate,
d->c2->handshake_state->received_authenticate = 1)
static void
test_link_handshake_auth_already_authenticated(void *arg)
{
authenticate_data_t *d = arg;
d->c2->handshake_state->authenticated = 1;
channel_tls_process_authenticate_cell(d->cell, d->chan2);
tt_int_op(mock_close_called, ==, 1);
tt_int_op(d->c2->handshake_state->authenticated, ==, 1);
done:
;
}
AUTHENTICATE_FAIL(nocerts,
d->c2->handshake_state->received_certs_cell = 0)
AUTHENTICATE_FAIL(noidcert,
tor_x509_cert_free(d->c2->handshake_state->id_cert);
d->c2->handshake_state->id_cert = NULL)
AUTHENTICATE_FAIL(noauthcert,
tor_x509_cert_free(d->c2->handshake_state->auth_cert);
d->c2->handshake_state->auth_cert = NULL)
AUTHENTICATE_FAIL(tooshort,
d->cell->payload_len = 3)
AUTHENTICATE_FAIL(badtype,
d->cell->payload[0] = 0xff)
AUTHENTICATE_FAIL(truncated_1,
d->cell->payload[2]++)
AUTHENTICATE_FAIL(truncated_2,
d->cell->payload[3]++)
AUTHENTICATE_FAIL(tooshort_1,
tt_int_op(d->cell->payload_len, >=, 260);
d->cell->payload[2] -= 1;
d->cell->payload_len -= 256;)
AUTHENTICATE_FAIL(badcontent,
d->cell->payload[10] ^= 0xff)
AUTHENTICATE_FAIL(badsig_1,
d->cell->payload[d->cell->payload_len - 5] ^= 0xff)
#define TEST(name, flags) \
{ #name , test_link_handshake_ ## name, (flags), NULL, NULL }
#define TEST_RCV_AUTHCHALLENGE(name) \
{ "recv_authchallenge/" #name , \
test_link_handshake_recv_authchallenge_ ## name, TT_FORK, \
&setup_recv_authchallenge, NULL }
#define TEST_RCV_CERTS(name) \
{ "recv_certs/" #name , \
test_link_handshake_recv_certs_ ## name, TT_FORK, \
&setup_recv_certs, NULL }
#define TEST_AUTHENTICATE(name) \
{ "authenticate/" #name , test_link_handshake_auth_ ## name, TT_FORK, \
&setup_authenticate, NULL }
struct testcase_t link_handshake_tests[] = {
TEST(certs_ok, TT_FORK),
//TEST(certs_bad, TT_FORK),
TEST_RCV_CERTS(ok),
TEST_RCV_CERTS(ok_server),
TEST_RCV_CERTS(badstate),
TEST_RCV_CERTS(badproto),
TEST_RCV_CERTS(duplicate),
TEST_RCV_CERTS(already_authenticated),
TEST_RCV_CERTS(empty),
TEST_RCV_CERTS(bad_circid),
TEST_RCV_CERTS(truncated_1),
TEST_RCV_CERTS(truncated_2),
TEST_RCV_CERTS(truncated_3),
TEST_RCV_CERTS(not_x509),
TEST_RCV_CERTS(both_link),
TEST_RCV_CERTS(both_id_rsa),
TEST_RCV_CERTS(both_auth),
TEST_RCV_CERTS(wrong_labels_1),
TEST_RCV_CERTS(wrong_labels_2),
TEST_RCV_CERTS(wrong_labels_3),
TEST_RCV_CERTS(server_missing_certs),
TEST_RCV_CERTS(server_wrong_labels_1),
TEST(send_authchallenge, TT_FORK),
TEST_RCV_AUTHCHALLENGE(ok),
TEST_RCV_AUTHCHALLENGE(ok_noserver),
TEST_RCV_AUTHCHALLENGE(ok_unrecognized),
TEST_RCV_AUTHCHALLENGE(badstate),
TEST_RCV_AUTHCHALLENGE(badproto),
TEST_RCV_AUTHCHALLENGE(as_server),
TEST_RCV_AUTHCHALLENGE(duplicate),
TEST_RCV_AUTHCHALLENGE(nocerts),
TEST_RCV_AUTHCHALLENGE(tooshort),
TEST_RCV_AUTHCHALLENGE(truncated),
TEST_RCV_AUTHCHALLENGE(nonzero_circid),
TEST_AUTHENTICATE(cell),
TEST_AUTHENTICATE(badstate),
TEST_AUTHENTICATE(badproto),
TEST_AUTHENTICATE(atclient),
TEST_AUTHENTICATE(duplicate),
TEST_AUTHENTICATE(already_authenticated),
TEST_AUTHENTICATE(nocerts),
TEST_AUTHENTICATE(noidcert),
TEST_AUTHENTICATE(noauthcert),
TEST_AUTHENTICATE(tooshort),
TEST_AUTHENTICATE(badtype),
TEST_AUTHENTICATE(truncated_1),
TEST_AUTHENTICATE(truncated_2),
TEST_AUTHENTICATE(tooshort_1),
TEST_AUTHENTICATE(badcontent),
TEST_AUTHENTICATE(badsig_1),
//TEST_AUTHENTICATE(),
END_OF_TESTCASES
};

View File

@ -10,6 +10,7 @@
#include "networkstatus.h"
#include "routerlist.h"
#include "routerparse.h"
#include "torcert.h"
#include "test.h"
@ -335,6 +336,59 @@ static const char test_ri[] =
"t0xkIE39ss/EwmQr7iIgkdVH4oRIMsjYnFFJBG26nYY=\n"
"-----END SIGNATURE-----\n";
static const char test_ri2[] =
"router test001a 127.0.0.1 5001 0 7001\n"
"identity-ed25519\n"
"-----BEGIN ED25519 CERT-----\n"
"AQQABf/FAf5iDuKCZP2VxnAaQWdklilAh6kaEeFX4z8261Yx2T1/AQAgBADCp8vO\n"
"B8K1F9g2DzwuwvVCnPFLSK1qknVqPpNucHLH9DY7fuIYogBAdz4zHv1qC7RKaMNG\n"
"Jux/tMO2tzPcm62Ky5PjClMQplKUOnZNQ+RIpA3wYCIfUDy/cQnY7XWgNQ0=\n"
"-----END ED25519 CERT-----\n"
"platform Tor 0.2.6.0-alpha-dev on Darwin\n"
"protocols Link 1 2 Circuit 1\n"
"published 2014-10-08 12:58:04\n"
"fingerprint B7E2 7F10 4213 C36F 13E7 E982 9182 845E 4959 97A0\n"
"uptime 0\n"
"bandwidth 1073741824 1073741824 0\n"
"extra-info-digest 568F27331B6D8C73E7024F1EF5D097B90DFC7CDB\n"
"caches-extra-info\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAL2R8EfubUcahxha4u02P4VAR0llQIMwFAmrHPjzcK7apcQgDOf2ovOA\n"
"+YQnJFxlpBmCoCZC6ssCi+9G0mqo650lFuTMP5I90BdtjotfzESfTykHLiChyvhd\n"
"l0dlqclb2SU/GKem/fLRXH16aNi72CdSUu/1slKs/70ILi34QixRAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAN8+78KUVlgHXdMMkYJxcwh1Zv2y+Gb5eWUyltUaQRajhrT9ij2T5JZs\n"
"M0g85xTcuM3jNVVpV79+33hiTohdC6UZ+Bk4USQ7WBFzRbVFSXoVKLBJFkCOIexg\n"
"SMGNd5WEDtHWrXl58mizmPFu1eG6ZxHzt7RuLSol5cwBvawXPNkFAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"onion-key-crosscert\n"
"-----BEGIN CROSSCERT-----\n"
"ETFDzU49bvNfoZnKK1j6JeBP2gDirgj6bBCgWpUYs663OO9ypbZRO0JwWANssKl6\n"
"oaq9vKTsKGRsaNnqnz/JGMhehymakjjNtqg7crWwsahe8+7Pw9GKmW+YjFtcOkUf\n"
"KfOn2bmKBa1FoJb4yW3oXzHcdlLSRuCciKqPn+Hky5o=\n"
"-----END CROSSCERT-----\n"
"ntor-onion-key-crosscert 0\n"
"-----BEGIN ED25519 CERT-----\n"
"AQoABf2dAcKny84HwrUX2DYPPC7C9UKc8UtIrWqSdWo+k25wcsf0AFohutG+xI06\n"
"Ef21c5Zl1j8Hw6DzHDjYyJevXLFuOneaL3zcH2Ldn4sjrG3kc5UuVvRfTvV120UO\n"
"xk4f5s5LGwY=\n"
"-----END ED25519 CERT-----\n"
"hidden-service-dir\n"
"contact auth1@test.test\n"
"ntor-onion-key hbxdRnfVUJJY7+KcT4E3Rs7/zuClbN3hJrjSBiEGMgI=\n"
"reject *:*\n"
"router-sig-ed25519 5aQXyTif7PExIuL2di37UvktmJECKnils2OWz2vDi"
"hFxi+5TTAAPxYkS5clhc/Pjvw34itfjGmTKFic/8httAQ\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"BaUB+aFPQbb3BwtdzKsKqV3+6cRlSqJF5bI3UTmwRoJk+Z5Pz+W5NWokNI0xArHM\n"
"T4T5FZCCP9350jXsUCIvzyIyktU6aVRCGFt76rFlo1OETpN8GWkMnQU0w18cxvgS\n"
"cf34GXHv61XReJF3AlzNHFpbrPOYmowmhrTULKyMqow=\n"
"-----END SIGNATURE-----\n";
static const char test_md_8[] =
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
@ -365,6 +419,26 @@ static const char test_md_18[] =
"p reject 25,119,135-139,445,563,1214,4661-4666,6346-6429,6699,6881-6999\n"
"id rsa1024 Cd47okjCHD83YGzThGBDptXs9Z4\n";
static const char test_md2_18[] =
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAL2R8EfubUcahxha4u02P4VAR0llQIMwFAmrHPjzcK7apcQgDOf2ovOA\n"
"+YQnJFxlpBmCoCZC6ssCi+9G0mqo650lFuTMP5I90BdtjotfzESfTykHLiChyvhd\n"
"l0dlqclb2SU/GKem/fLRXH16aNi72CdSUu/1slKs/70ILi34QixRAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key hbxdRnfVUJJY7+KcT4E3Rs7/zuClbN3hJrjSBiEGMgI=\n"
"id rsa1024 t+J/EEITw28T5+mCkYKEXklZl6A\n";
static const char test_md2_21[] =
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAL2R8EfubUcahxha4u02P4VAR0llQIMwFAmrHPjzcK7apcQgDOf2ovOA\n"
"+YQnJFxlpBmCoCZC6ssCi+9G0mqo650lFuTMP5I90BdtjotfzESfTykHLiChyvhd\n"
"l0dlqclb2SU/GKem/fLRXH16aNi72CdSUu/1slKs/70ILi34QixRAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"ntor-onion-key hbxdRnfVUJJY7+KcT4E3Rs7/zuClbN3hJrjSBiEGMgI=\n"
"id ed25519 wqfLzgfCtRfYNg88LsL1QpzxS0itapJ1aj6TbnByx/Q\n";
static void
test_md_generate(void *arg)
{
@ -391,6 +465,25 @@ test_md_generate(void *arg)
md = dirvote_create_microdescriptor(ri, 18);
tt_str_op(md->body, OP_EQ, test_md_18);
microdesc_free(md);
md = NULL;
md = dirvote_create_microdescriptor(ri, 21);
tt_str_op(md->body, ==, test_md_18);
ri = router_parse_entry_from_string(test_ri2, NULL, 0, 0, NULL, NULL);
microdesc_free(md);
md = NULL;
md = dirvote_create_microdescriptor(ri, 18);
tt_str_op(md->body, ==, test_md2_18);
microdesc_free(md);
md = NULL;
md = dirvote_create_microdescriptor(ri, 21);
tt_str_op(md->body, ==, test_md2_21);
tt_assert(ed25519_pubkey_eq(md->ed25519_identity_pkey,
&ri->signing_key_cert->signing_key));
done:
microdesc_free(md);
routerinfo_free(ri);

View File

@ -8,11 +8,17 @@
#include "or.h"
#include "config.h"
#include "router.h"
#include "routerkeys.h"
#include "util.h"
#include "crypto.h"
#include "torcert.h"
#include "test.h"
#ifdef _WIN32
/* For mkdir() */
#include <direct.h>
#endif
static void
test_routerkeys_write_fingerprint(void *arg)
{
@ -75,11 +81,543 @@ test_routerkeys_write_fingerprint(void *arg)
tor_free(cp2);
}
static void
test_routerkeys_ed_certs(void *args)
{
(void)args;
ed25519_keypair_t kp1, kp2;
tor_cert_t *cert[2] = {NULL, NULL};
tor_cert_t *parsed_cert[2] = {NULL, NULL};
time_t now = 1412094534;
uint8_t *junk = NULL;
char *base64 = NULL;
tt_int_op(0,==,ed25519_keypair_generate(&kp1, 0));
tt_int_op(0,==,ed25519_keypair_generate(&kp2, 0));
for (int i = 0; i <= 1; ++i) {
uint32_t flags = i ? CERT_FLAG_INCLUDE_SIGNING_KEY : 0;
cert[i] = tor_cert_create(&kp1, 5, &kp2.pubkey, now, 10000, flags);
tt_assert(cert[i]);
tt_assert(cert[i]->sig_bad == 0);
tt_assert(cert[i]->sig_ok == 1);
tt_assert(cert[i]->cert_expired == 0);
tt_assert(cert[i]->cert_valid == 1);
tt_int_op(cert[i]->cert_type, ==, 5);
tt_mem_op(cert[i]->signed_key.pubkey, ==, &kp2.pubkey.pubkey, 32);
tt_mem_op(cert[i]->signing_key.pubkey, ==, &kp1.pubkey.pubkey, 32);
tt_int_op(cert[i]->signing_key_included, ==, i);
tt_assert(cert[i]->encoded);
tt_int_op(cert[i]->encoded_len, ==, 104 + 36 * i);
tt_int_op(cert[i]->encoded[0], ==, 1);
tt_int_op(cert[i]->encoded[1], ==, 5);
parsed_cert[i] = tor_cert_parse(cert[i]->encoded, cert[i]->encoded_len);
tt_assert(parsed_cert[i]);
tt_int_op(cert[i]->encoded_len, ==, parsed_cert[i]->encoded_len);
tt_mem_op(cert[i]->encoded, ==, parsed_cert[i]->encoded,
cert[i]->encoded_len);
tt_assert(parsed_cert[i]->sig_bad == 0);
tt_assert(parsed_cert[i]->sig_ok == 0);
tt_assert(parsed_cert[i]->cert_expired == 0);
tt_assert(parsed_cert[i]->cert_valid == 0);
/* Expired */
tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now + 30000),
<, 0);
tt_assert(parsed_cert[i]->cert_expired == 1);
parsed_cert[i]->cert_expired = 0;
/* Wrong key */
tt_int_op(tor_cert_checksig(parsed_cert[i], &kp2.pubkey, now), <, 0);
tt_assert(parsed_cert[i]->sig_bad== 1);
parsed_cert[i]->sig_bad = 0;
/* Missing key */
int ok = tor_cert_checksig(parsed_cert[i], NULL, now);
tt_int_op(ok < 0, ==, i == 0);
tt_assert(parsed_cert[i]->sig_bad == 0);
tt_assert(parsed_cert[i]->sig_ok == (i != 0));
tt_assert(parsed_cert[i]->cert_valid == (i != 0));
parsed_cert[i]->sig_bad = 0;
parsed_cert[i]->sig_ok = 0;
parsed_cert[i]->cert_valid = 0;
/* Right key */
tt_int_op(tor_cert_checksig(parsed_cert[i], &kp1.pubkey, now), ==, 0);
tt_assert(parsed_cert[i]->sig_bad == 0);
tt_assert(parsed_cert[i]->sig_ok == 1);
tt_assert(parsed_cert[i]->cert_expired == 0);
tt_assert(parsed_cert[i]->cert_valid == 1);
}
/* Now try some junky certs. */
/* - Truncated */
tt_ptr_op(NULL, ==,tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len-1));
/* - First byte modified */
cert[0]->encoded[0] = 99;
tt_ptr_op(NULL, ==,tor_cert_parse(cert[0]->encoded, cert[0]->encoded_len));
cert[0]->encoded[0] = 1;
/* - Extra byte at the end*/
junk = tor_malloc_zero(cert[0]->encoded_len + 1);
memcpy(junk, cert[0]->encoded, cert[0]->encoded_len);
tt_ptr_op(NULL, ==, tor_cert_parse(junk, cert[0]->encoded_len+1));
/* - Multiple signing key instances */
tor_free(junk);
junk = tor_malloc_zero(104 + 36 * 2);
junk[0] = 1; /* version */
junk[1] = 5; /* cert type */
junk[6] = 1; /* key type */
junk[39] = 2; /* n_extensions */
junk[41] = 32; /* extlen */
junk[42] = 4; /* exttype */
junk[77] = 32; /* extlen */
junk[78] = 4; /* exttype */
tt_ptr_op(NULL, ==, tor_cert_parse(junk, 104 + 36 * 2));
done:
tor_cert_free(cert[0]);
tor_cert_free(cert[1]);
tor_cert_free(parsed_cert[0]);
tor_cert_free(parsed_cert[1]);
tor_free(junk);
tor_free(base64);
}
static void
test_routerkeys_ed_key_create(void *arg)
{
(void)arg;
tor_cert_t *cert = NULL;
ed25519_keypair_t *kp1 = NULL, *kp2 = NULL;
time_t now = time(NULL);
/* This is a simple alias for 'make a new keypair' */
kp1 = ed_key_new(NULL, 0, 0, 0, 0, &cert);
tt_assert(kp1);
/* Create a new certificate signed by kp1. */
kp2 = ed_key_new(kp1, INIT_ED_KEY_NEEDCERT, now, 3600, 4, &cert);
tt_assert(kp2);
tt_assert(cert);
tt_mem_op(&cert->signed_key, ==, &kp2->pubkey, sizeof(ed25519_public_key_t));
tt_assert(! cert->signing_key_included);
tt_int_op(cert->valid_until, >=, now);
tt_int_op(cert->valid_until, <=, now+7200);
/* Create a new key-including certificate signed by kp1 */
ed25519_keypair_free(kp2);
tor_cert_free(cert);
cert = NULL; kp2 = NULL;
kp2 = ed_key_new(kp1, (INIT_ED_KEY_NEEDCERT|
INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT),
now, 3600, 4, &cert);
tt_assert(kp2);
tt_assert(cert);
tt_assert(cert->signing_key_included);
tt_mem_op(&cert->signed_key, ==, &kp2->pubkey, sizeof(ed25519_public_key_t));
tt_mem_op(&cert->signing_key, ==, &kp1->pubkey,sizeof(ed25519_public_key_t));
done:
ed25519_keypair_free(kp1);
ed25519_keypair_free(kp2);
tor_cert_free(cert);
}
static void
test_routerkeys_ed_key_init_basic(void *arg)
{
(void) arg;
tor_cert_t *cert = NULL, *cert2 = NULL;
ed25519_keypair_t *kp1 = NULL, *kp2 = NULL, *kp3 = NULL;
time_t now = time(NULL);
char *fname1 = tor_strdup(get_fname("test_ed_key_1"));
char *fname2 = tor_strdup(get_fname("test_ed_key_2"));
struct stat st;
unlink(fname1);
unlink(fname2);
/* Fail to load a key that isn't there. */
kp1 = ed_key_init_from_file(fname1, 0, LOG_INFO, NULL, now, 0, 7, &cert);
tt_assert(kp1 == NULL);
tt_assert(cert == NULL);
/* Create the key if requested to do so. */
kp1 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
NULL, now, 0, 7, &cert);
tt_assert(kp1 != NULL);
tt_assert(cert == NULL);
tt_int_op(stat(get_fname("test_ed_key_1_cert"), &st), <, 0);
tt_int_op(stat(get_fname("test_ed_key_1_secret_key"), &st), ==, 0);
/* Fail to load if we say we need a cert */
kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_NEEDCERT, LOG_INFO,
NULL, now, 0, 7, &cert);
tt_assert(kp2 == NULL);
/* Fail to load if we say the wrong key type */
kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
NULL, now, 0, 6, &cert);
tt_assert(kp2 == NULL);
/* Load successfully if we're not picky, whether we say "create" or not. */
kp2 = ed_key_init_from_file(fname1, INIT_ED_KEY_CREATE, LOG_INFO,
NULL, now, 0, 7, &cert);
tt_assert(kp2 != NULL);
tt_assert(cert == NULL);
tt_mem_op(kp1, ==, kp2, sizeof(*kp1));
ed25519_keypair_free(kp2); kp2 = NULL;
kp2 = ed_key_init_from_file(fname1, 0, LOG_INFO,
NULL, now, 0, 7, &cert);
tt_assert(kp2 != NULL);
tt_assert(cert == NULL);
tt_mem_op(kp1, ==, kp2, sizeof(*kp1));
ed25519_keypair_free(kp2); kp2 = NULL;
/* Now create a key with a cert. */
kp2 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
INIT_ED_KEY_NEEDCERT),
LOG_INFO, kp1, now, 7200, 7, &cert);
tt_assert(kp2 != NULL);
tt_assert(cert != NULL);
tt_mem_op(kp1, !=, kp2, sizeof(*kp1));
tt_int_op(stat(get_fname("test_ed_key_2_cert"), &st), ==, 0);
tt_int_op(stat(get_fname("test_ed_key_2_secret_key"), &st), ==, 0);
tt_assert(cert->cert_valid == 1);
tt_mem_op(&cert->signed_key, ==, &kp2->pubkey, 32);
/* Now verify we can load the cert... */
kp3 = ed_key_init_from_file(fname2, (INIT_ED_KEY_CREATE|
INIT_ED_KEY_NEEDCERT),
LOG_INFO, kp1, now, 7200, 7, &cert2);
tt_mem_op(kp2, ==, kp3, sizeof(*kp2));
tt_mem_op(cert2->encoded, ==, cert->encoded, cert->encoded_len);
ed25519_keypair_free(kp3); kp3 = NULL;
tor_cert_free(cert2); cert2 = NULL;
/* ... even without create... */
kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
LOG_INFO, kp1, now, 7200, 7, &cert2);
tt_mem_op(kp2, ==, kp3, sizeof(*kp2));
tt_mem_op(cert2->encoded, ==, cert->encoded, cert->encoded_len);
ed25519_keypair_free(kp3); kp3 = NULL;
tor_cert_free(cert2); cert2 = NULL;
/* ... but that we don't crash or anything if we say we don't want it. */
kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
LOG_INFO, kp1, now, 7200, 7, NULL);
tt_mem_op(kp2, ==, kp3, sizeof(*kp2));
ed25519_keypair_free(kp3); kp3 = NULL;
/* Fail if we're told the wrong signing key */
kp3 = ed_key_init_from_file(fname2, INIT_ED_KEY_NEEDCERT,
LOG_INFO, kp2, now, 7200, 7, &cert2);
tt_assert(kp3 == NULL);
tt_assert(cert2 == NULL);
done:
ed25519_keypair_free(kp1);
ed25519_keypair_free(kp2);
ed25519_keypair_free(kp3);
tor_cert_free(cert);
tor_cert_free(cert2);
tor_free(fname1);
tor_free(fname2);
}
static void
test_routerkeys_ed_key_init_split(void *arg)
{
(void) arg;
tor_cert_t *cert = NULL;
ed25519_keypair_t *kp1 = NULL, *kp2 = NULL;
time_t now = time(NULL);
char *fname1 = tor_strdup(get_fname("test_ed_key_3"));
char *fname2 = tor_strdup(get_fname("test_ed_key_4"));
struct stat st;
const uint32_t flags = INIT_ED_KEY_SPLIT|INIT_ED_KEY_MISSING_SECRET_OK;
unlink(fname1);
unlink(fname2);
/* Can't load key that isn't there. */
kp1 = ed_key_init_from_file(fname1, flags, LOG_INFO, NULL, now, 0, 7, &cert);
tt_assert(kp1 == NULL);
tt_assert(cert == NULL);
/* Create a split key */
kp1 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
LOG_INFO, NULL, now, 0, 7, &cert);
tt_assert(kp1 != NULL);
tt_assert(cert == NULL);
tt_int_op(stat(get_fname("test_ed_key_3_cert"), &st), <, 0);
tt_int_op(stat(get_fname("test_ed_key_3_secret_key"), &st), ==, 0);
tt_int_op(stat(get_fname("test_ed_key_3_public_key"), &st), ==, 0);
/* Load it. */
kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
LOG_INFO, NULL, now, 0, 7, &cert);
tt_assert(kp2 != NULL);
tt_assert(cert == NULL);
tt_mem_op(kp1, ==, kp2, sizeof(*kp2));
ed25519_keypair_free(kp2); kp2 = NULL;
/* Okay, try killing the secret key and loading it. */
unlink(get_fname("test_ed_key_3_secret_key"));
kp2 = ed_key_init_from_file(fname1, flags,
LOG_INFO, NULL, now, 0, 7, &cert);
tt_assert(kp2 != NULL);
tt_assert(cert == NULL);
tt_mem_op(&kp1->pubkey, ==, &kp2->pubkey, sizeof(kp2->pubkey));
tt_assert(tor_mem_is_zero((char*)kp2->seckey.seckey,
sizeof(kp2->seckey.seckey)));
ed25519_keypair_free(kp2); kp2 = NULL;
/* Even when we're told to "create", don't create if there's a public key */
kp2 = ed_key_init_from_file(fname1, flags|INIT_ED_KEY_CREATE,
LOG_INFO, NULL, now, 0, 7, &cert);
tt_assert(kp2 != NULL);
tt_assert(cert == NULL);
tt_mem_op(&kp1->pubkey, ==, &kp2->pubkey, sizeof(kp2->pubkey));
tt_assert(tor_mem_is_zero((char*)kp2->seckey.seckey,
sizeof(kp2->seckey.seckey)));
ed25519_keypair_free(kp2); kp2 = NULL;
/* Make sure we fail on a tag mismatch, though */
kp2 = ed_key_init_from_file(fname1, flags,
LOG_INFO, NULL, now, 0, 99, &cert);
tt_assert(kp2 == NULL);
done:
ed25519_keypair_free(kp1);
ed25519_keypair_free(kp2);
tor_cert_free(cert);
tor_free(fname1);
tor_free(fname2);
}
static void
test_routerkeys_ed_keys_init_all(void *arg)
{
(void)arg;
char *dir = tor_strdup(get_fname("test_ed_keys_init_all"));
or_options_t *options = tor_malloc_zero(sizeof(or_options_t));
time_t now = time(NULL);
ed25519_public_key_t id;
ed25519_keypair_t sign, auth;
tor_cert_t *link_cert = NULL;
get_options_mutable()->ORPort_set = 1;
crypto_pk_t *rsa = pk_generate(0);
set_server_identity_key(rsa);
set_client_identity_key(rsa);
router_initialize_tls_context();
options->SigningKeyLifetime = 30*86400;
options->TestingAuthKeyLifetime = 2*86400;
options->TestingLinkCertLifetime = 2*86400;
options->TestingSigningKeySlop = 2*86400;
options->TestingAuthKeySlop = 2*3600;
options->TestingLinkKeySlop = 2*3600;
#ifdef _WIN32
mkdir(dir);
mkdir(get_fname("test_ed_keys_init_all/keys"));
#else
mkdir(dir, 0700);
mkdir(get_fname("test_ed_keys_init_all/keys"), 0700);
#endif
options->DataDirectory = dir;
tt_int_op(0, ==, load_ed_keys(options, now));
tt_int_op(0, ==, generate_ed_link_cert(options, now));
tt_assert(get_master_identity_key());
tt_assert(get_master_identity_key());
tt_assert(get_master_signing_keypair());
tt_assert(get_current_auth_keypair());
tt_assert(get_master_signing_key_cert());
tt_assert(get_current_link_cert_cert());
tt_assert(get_current_auth_key_cert());
memcpy(&id, get_master_identity_key(), sizeof(id));
memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
link_cert = tor_cert_dup(get_current_link_cert_cert());
/* Call load_ed_keys again, but nothing has changed. */
tt_int_op(0, ==, load_ed_keys(options, now));
tt_int_op(0, ==, generate_ed_link_cert(options, now));
tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
tt_mem_op(&auth, ==, get_current_auth_keypair(), sizeof(auth));
tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
/* Force a reload: we make new link/auth keys. */
routerkeys_free_all();
tt_int_op(0, ==, load_ed_keys(options, now));
tt_int_op(0, ==, generate_ed_link_cert(options, now));
tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
tt_assert(tor_cert_eq(link_cert, get_current_link_cert_cert()));
tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth));
tt_assert(get_master_signing_key_cert());
tt_assert(get_current_link_cert_cert());
tt_assert(get_current_auth_key_cert());
tor_cert_free(link_cert);
link_cert = tor_cert_dup(get_current_link_cert_cert());
memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
/* Force a link/auth-key regeneration by advancing time. */
tt_int_op(0, ==, load_ed_keys(options, now+3*86400));
tt_int_op(0, ==, generate_ed_link_cert(options, now+3*86400));
tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth));
tt_assert(get_master_signing_key_cert());
tt_assert(get_current_link_cert_cert());
tt_assert(get_current_auth_key_cert());
tor_cert_free(link_cert);
link_cert = tor_cert_dup(get_current_link_cert_cert());
memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
/* Force a signing-key regeneration by advancing time. */
tt_int_op(0, ==, load_ed_keys(options, now+100*86400));
tt_int_op(0, ==, generate_ed_link_cert(options, now+100*86400));
tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
tt_mem_op(&sign, !=, get_master_signing_keypair(), sizeof(sign));
tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth));
tt_assert(get_master_signing_key_cert());
tt_assert(get_current_link_cert_cert());
tt_assert(get_current_auth_key_cert());
memcpy(&sign, get_master_signing_keypair(), sizeof(sign));
tor_cert_free(link_cert);
link_cert = tor_cert_dup(get_current_link_cert_cert());
memcpy(&auth, get_current_auth_keypair(), sizeof(auth));
/* Demonstrate that we can start up with no secret identity key */
routerkeys_free_all();
unlink(get_fname("test_ed_keys_init_all/keys/"
"ed25519_master_id_secret_key"));
tt_int_op(0, ==, load_ed_keys(options, now));
tt_int_op(0, ==, generate_ed_link_cert(options, now));
tt_mem_op(&id, ==, get_master_identity_key(), sizeof(id));
tt_mem_op(&sign, ==, get_master_signing_keypair(), sizeof(sign));
tt_assert(! tor_cert_eq(link_cert, get_current_link_cert_cert()));
tt_mem_op(&auth, !=, get_current_auth_keypair(), sizeof(auth));
tt_assert(get_master_signing_key_cert());
tt_assert(get_current_link_cert_cert());
tt_assert(get_current_auth_key_cert());
/* But we're in trouble if we have no id key and our signing key has
expired. */
log_global_min_severity_ = LOG_ERR; /* Suppress warnings.
* XXX (better way to do this)? */
routerkeys_free_all();
tt_int_op(-1, ==, load_ed_keys(options, now+200*86400));
done:
tor_free(dir);
tor_free(options);
routerkeys_free_all();
}
static void
test_routerkeys_cross_certify_ntor(void *args)
{
(void) args;
tor_cert_t *cert = NULL;
curve25519_keypair_t onion_keys;
ed25519_public_key_t master_key;
ed25519_public_key_t onion_check_key;
time_t now = time(NULL);
int sign;
tt_int_op(0, ==, ed25519_public_from_base64(&master_key,
"IamwritingthesetestsOnARainyAfternoonin2014"));
tt_int_op(0, ==, curve25519_keypair_generate(&onion_keys, 0));
cert = make_ntor_onion_key_crosscert(&onion_keys,
&master_key,
now, 10000,
&sign);
tt_assert(cert);
tt_assert(sign == 0 || sign == 1);
tt_int_op(cert->cert_type, ==, CERT_TYPE_ONION_ID);
tt_int_op(1, ==, ed25519_pubkey_eq(&cert->signed_key, &master_key));
tt_int_op(0, ==, ed25519_public_key_from_curve25519_public_key(
&onion_check_key, &onion_keys.pubkey, sign));
tt_int_op(0, ==, tor_cert_checksig(cert, &onion_check_key, now));
done:
tor_cert_free(cert);
}
static void
test_routerkeys_cross_certify_tap(void *args)
{
(void)args;
uint8_t *cc = NULL;
int cc_len;
ed25519_public_key_t master_key;
crypto_pk_t *onion_key = pk_generate(2), *id_key = pk_generate(1);
char digest[20];
char buf[128];
int n;
tt_int_op(0, ==, ed25519_public_from_base64(&master_key,
"IAlreadyWroteTestsForRouterdescsUsingTheseX"));
cc = make_tap_onion_key_crosscert(onion_key,
&master_key,
id_key, &cc_len);
tt_assert(cc);
tt_assert(cc_len);
n = crypto_pk_public_checksig(onion_key, buf, sizeof(buf),
(char*)cc, cc_len);
tt_int_op(n,>,0);
tt_int_op(n,==,52);
crypto_pk_get_digest(id_key, digest);
tt_mem_op(buf,==,digest,20);
tt_mem_op(buf+20,==,master_key.pubkey,32);
tt_int_op(0, ==, check_tap_onion_key_crosscert(cc, cc_len,
onion_key, &master_key, (uint8_t*)digest));
done:
tor_free(cc);
}
#define TEST(name, flags) \
{ #name , test_routerkeys_ ## name, (flags), NULL, NULL }
struct testcase_t routerkeys_tests[] = {
TEST(write_fingerprint, TT_FORK),
TEST(ed_certs, TT_FORK),
TEST(ed_key_create, TT_FORK),
TEST(ed_key_init_basic, TT_FORK),
TEST(ed_key_init_split, TT_FORK),
TEST(ed_keys_init_all, TT_FORK),
TEST(cross_certify_ntor, 0),
TEST(cross_certify_tap, 0),
END_OF_TESTCASES
};

887
src/trunnel/ed25519_cert.c Normal file
View File

@ -0,0 +1,887 @@
/* ed25519_cert.c -- generated by Trunnel v1.2.
* https://gitweb.torproject.org/trunnel.git
* You probably shouldn't edit this file.
*/
#include <stdlib.h>
#include "trunnel-impl.h"
#include "ed25519_cert.h"
#define TRUNNEL_SET_ERROR_CODE(obj) \
do { \
(obj)->trunnel_error_code_ = 1; \
} while (0)
#if defined(__COVERITY__) || defined(__clang_analyzer__)
/* If we're runnning a static analysis tool, we don't want it to complain
* that some of our remaining-bytes checks are dead-code. */
int edcert_deadcode_dummy__ = 0;
#define OR_DEADCODE_DUMMY || edcert_deadcode_dummy__
#else
#define OR_DEADCODE_DUMMY
#endif
#define CHECK_REMAINING(nbytes, label) \
do { \
if (remaining < (nbytes) OR_DEADCODE_DUMMY) { \
goto label; \
} \
} while (0)
ed25519_cert_extension_t *
ed25519_cert_extension_new(void)
{
ed25519_cert_extension_t *val = trunnel_calloc(1, sizeof(ed25519_cert_extension_t));
if (NULL == val)
return NULL;
return val;
}
/** Release all storage held inside 'obj', but do not free 'obj'.
*/
static void
ed25519_cert_extension_clear(ed25519_cert_extension_t *obj)
{
(void) obj;
TRUNNEL_DYNARRAY_WIPE(&obj->un_unparsed);
TRUNNEL_DYNARRAY_CLEAR(&obj->un_unparsed);
}
void
ed25519_cert_extension_free(ed25519_cert_extension_t *obj)
{
if (obj == NULL)
return;
ed25519_cert_extension_clear(obj);
trunnel_memwipe(obj, sizeof(ed25519_cert_extension_t));
trunnel_free_(obj);
}
uint16_t
ed25519_cert_extension_get_ext_length(ed25519_cert_extension_t *inp)
{
return inp->ext_length;
}
int
ed25519_cert_extension_set_ext_length(ed25519_cert_extension_t *inp, uint16_t val)
{
inp->ext_length = val;
return 0;
}
uint8_t
ed25519_cert_extension_get_ext_type(ed25519_cert_extension_t *inp)
{
return inp->ext_type;
}
int
ed25519_cert_extension_set_ext_type(ed25519_cert_extension_t *inp, uint8_t val)
{
inp->ext_type = val;
return 0;
}
uint8_t
ed25519_cert_extension_get_ext_flags(ed25519_cert_extension_t *inp)
{
return inp->ext_flags;
}
int
ed25519_cert_extension_set_ext_flags(ed25519_cert_extension_t *inp, uint8_t val)
{
inp->ext_flags = val;
return 0;
}
size_t
ed25519_cert_extension_getlen_un_signing_key(const ed25519_cert_extension_t *inp)
{
(void)inp; return 32;
}
uint8_t
ed25519_cert_extension_get_un_signing_key(const ed25519_cert_extension_t *inp, size_t idx)
{
trunnel_assert(idx < 32);
return inp->un_signing_key[idx];
}
int
ed25519_cert_extension_set_un_signing_key(ed25519_cert_extension_t *inp, size_t idx, uint8_t elt)
{
trunnel_assert(idx < 32);
inp->un_signing_key[idx] = elt;
return 0;
}
uint8_t *
ed25519_cert_extension_getarray_un_signing_key(ed25519_cert_extension_t *inp)
{
return inp->un_signing_key;
}
size_t
ed25519_cert_extension_getlen_un_unparsed(const ed25519_cert_extension_t *inp)
{
return TRUNNEL_DYNARRAY_LEN(&inp->un_unparsed);
}
uint8_t
ed25519_cert_extension_get_un_unparsed(ed25519_cert_extension_t *inp, size_t idx)
{
return TRUNNEL_DYNARRAY_GET(&inp->un_unparsed, idx);
}
int
ed25519_cert_extension_set_un_unparsed(ed25519_cert_extension_t *inp, size_t idx, uint8_t elt)
{
TRUNNEL_DYNARRAY_SET(&inp->un_unparsed, idx, elt);
return 0;
}
int
ed25519_cert_extension_add_un_unparsed(ed25519_cert_extension_t *inp, uint8_t elt)
{
TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->un_unparsed, elt, {});
return 0;
trunnel_alloc_failed:
TRUNNEL_SET_ERROR_CODE(inp);
return -1;
}
uint8_t *
ed25519_cert_extension_getarray_un_unparsed(ed25519_cert_extension_t *inp)
{
return inp->un_unparsed.elts_;
}
int
ed25519_cert_extension_setlen_un_unparsed(ed25519_cert_extension_t *inp, size_t newlen)
{
uint8_t *newptr;
newptr = trunnel_dynarray_setlen(&inp->un_unparsed.allocated_,
&inp->un_unparsed.n_, inp->un_unparsed.elts_, newlen,
sizeof(inp->un_unparsed.elts_[0]), (trunnel_free_fn_t) NULL,
&inp->trunnel_error_code_);
if (newptr == NULL)
goto trunnel_alloc_failed;
inp->un_unparsed.elts_ = newptr;
return 0;
trunnel_alloc_failed:
TRUNNEL_SET_ERROR_CODE(inp);
return -1;
}
const char *
ed25519_cert_extension_check(const ed25519_cert_extension_t *obj)
{
if (obj == NULL)
return "Object was NULL";
if (obj->trunnel_error_code_)
return "A set function failed on this object";
switch (obj->ext_type) {
case CERTEXT_SIGNED_WITH_KEY:
break;
default:
break;
}
return NULL;
}
ssize_t
ed25519_cert_extension_encoded_len(const ed25519_cert_extension_t *obj)
{
ssize_t result = 0;
if (NULL != ed25519_cert_extension_check(obj))
return -1;
/* Length of u16 ext_length */
result += 2;
/* Length of u8 ext_type */
result += 1;
/* Length of u8 ext_flags */
result += 1;
switch (obj->ext_type) {
case CERTEXT_SIGNED_WITH_KEY:
/* Length of u8 un_signing_key[32] */
result += 32;
break;
default:
/* Length of u8 un_unparsed[] */
result += TRUNNEL_DYNARRAY_LEN(&obj->un_unparsed);
break;
}
return result;
}
int
ed25519_cert_extension_clear_errors(ed25519_cert_extension_t *obj)
{
int r = obj->trunnel_error_code_;
obj->trunnel_error_code_ = 0;
return r;
}
ssize_t
ed25519_cert_extension_encode(uint8_t *output, const size_t avail, const ed25519_cert_extension_t *obj)
{
ssize_t result = 0;
size_t written = 0;
uint8_t *ptr = output;
const char *msg;
#ifdef TRUNNEL_CHECK_ENCODED_LEN
const ssize_t encoded_len = ed25519_cert_extension_encoded_len(obj);
#endif
uint8_t *backptr_ext_length = NULL;
if (NULL != (msg = ed25519_cert_extension_check(obj)))
goto check_failed;
#ifdef TRUNNEL_CHECK_ENCODED_LEN
trunnel_assert(encoded_len >= 0);
#endif
/* Encode u16 ext_length */
backptr_ext_length = ptr;
trunnel_assert(written <= avail);
if (avail - written < 2)
goto truncated;
trunnel_set_uint16(ptr, trunnel_htons(obj->ext_length));
written += 2; ptr += 2;
/* Encode u8 ext_type */
trunnel_assert(written <= avail);
if (avail - written < 1)
goto truncated;
trunnel_set_uint8(ptr, (obj->ext_type));
written += 1; ptr += 1;
/* Encode u8 ext_flags */
trunnel_assert(written <= avail);
if (avail - written < 1)
goto truncated;
trunnel_set_uint8(ptr, (obj->ext_flags));
written += 1; ptr += 1;
{
size_t written_before_union = written;
/* Encode union un[ext_type] */
trunnel_assert(written <= avail);
switch (obj->ext_type) {
case CERTEXT_SIGNED_WITH_KEY:
/* Encode u8 un_signing_key[32] */
trunnel_assert(written <= avail);
if (avail - written < 32)
goto truncated;
memcpy(ptr, obj->un_signing_key, 32);
written += 32; ptr += 32;
break;
default:
/* Encode u8 un_unparsed[] */
{
size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->un_unparsed);
trunnel_assert(written <= avail);
if (avail - written < elt_len)
goto truncated;
memcpy(ptr, obj->un_unparsed.elts_, elt_len);
written += elt_len; ptr += elt_len;
}
break;
}
/* Write the length field back to ext_length */
trunnel_assert(written >= written_before_union);
#if UINT16_MAX < SIZE_MAX
if (written - written_before_union > UINT16_MAX)
goto check_failed;
#endif
trunnel_set_uint16(backptr_ext_length, trunnel_htons(written - written_before_union));
}
trunnel_assert(ptr == output + written);
#ifdef TRUNNEL_CHECK_ENCODED_LEN
{
trunnel_assert(encoded_len >= 0);
trunnel_assert((size_t)encoded_len == written);
}
#endif
return written;
truncated:
result = -2;
goto fail;
check_failed:
(void)msg;
result = -1;
goto fail;
fail:
trunnel_assert(result < 0);
return result;
}
/** As ed25519_cert_extension_parse(), but do not allocate the output
* object.
*/
static ssize_t
ed25519_cert_extension_parse_into(ed25519_cert_extension_t *obj, const uint8_t *input, const size_t len_in)
{
const uint8_t *ptr = input;
size_t remaining = len_in;
ssize_t result = 0;
(void)result;
/* Parse u16 ext_length */
CHECK_REMAINING(2, truncated);
obj->ext_length = trunnel_ntohs(trunnel_get_uint16(ptr));
remaining -= 2; ptr += 2;
/* Parse u8 ext_type */
CHECK_REMAINING(1, truncated);
obj->ext_type = (trunnel_get_uint8(ptr));
remaining -= 1; ptr += 1;
/* Parse u8 ext_flags */
CHECK_REMAINING(1, truncated);
obj->ext_flags = (trunnel_get_uint8(ptr));
remaining -= 1; ptr += 1;
{
size_t remaining_after;
CHECK_REMAINING(obj->ext_length, truncated);
remaining_after = remaining - obj->ext_length;
remaining = obj->ext_length;
/* Parse union un[ext_type] */
switch (obj->ext_type) {
case CERTEXT_SIGNED_WITH_KEY:
/* Parse u8 un_signing_key[32] */
CHECK_REMAINING(32, fail);
memcpy(obj->un_signing_key, ptr, 32);
remaining -= 32; ptr += 32;
break;
default:
/* Parse u8 un_unparsed[] */
TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->un_unparsed, remaining, {});
obj->un_unparsed.n_ = remaining;
memcpy(obj->un_unparsed.elts_, ptr, remaining);
ptr += remaining; remaining -= remaining;
break;
}
if (remaining != 0)
goto fail;
remaining = remaining_after;
}
trunnel_assert(ptr + remaining == input + len_in);
return len_in - remaining;
truncated:
return -2;
trunnel_alloc_failed:
return -1;
fail:
result = -1;
return result;
}
ssize_t
ed25519_cert_extension_parse(ed25519_cert_extension_t **output, const uint8_t *input, const size_t len_in)
{
ssize_t result;
*output = ed25519_cert_extension_new();
if (NULL == *output)
return -1;
result = ed25519_cert_extension_parse_into(*output, input, len_in);
if (result < 0) {
ed25519_cert_extension_free(*output);
*output = NULL;
}
return result;
}
ed25519_cert_t *
ed25519_cert_new(void)
{
ed25519_cert_t *val = trunnel_calloc(1, sizeof(ed25519_cert_t));
if (NULL == val)
return NULL;
val->version = 1;
return val;
}
/** Release all storage held inside 'obj', but do not free 'obj'.
*/
static void
ed25519_cert_clear(ed25519_cert_t *obj)
{
(void) obj;
{
unsigned idx;
for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->ext); ++idx) {
ed25519_cert_extension_free(TRUNNEL_DYNARRAY_GET(&obj->ext, idx));
}
}
TRUNNEL_DYNARRAY_WIPE(&obj->ext);
TRUNNEL_DYNARRAY_CLEAR(&obj->ext);
}
void
ed25519_cert_free(ed25519_cert_t *obj)
{
if (obj == NULL)
return;
ed25519_cert_clear(obj);
trunnel_memwipe(obj, sizeof(ed25519_cert_t));
trunnel_free_(obj);
}
uint8_t
ed25519_cert_get_version(ed25519_cert_t *inp)
{
return inp->version;
}
int
ed25519_cert_set_version(ed25519_cert_t *inp, uint8_t val)
{
if (! ((val == 1))) {
TRUNNEL_SET_ERROR_CODE(inp);
return -1;
}
inp->version = val;
return 0;
}
uint8_t
ed25519_cert_get_cert_type(ed25519_cert_t *inp)
{
return inp->cert_type;
}
int
ed25519_cert_set_cert_type(ed25519_cert_t *inp, uint8_t val)
{
inp->cert_type = val;
return 0;
}
uint32_t
ed25519_cert_get_exp_field(ed25519_cert_t *inp)
{
return inp->exp_field;
}
int
ed25519_cert_set_exp_field(ed25519_cert_t *inp, uint32_t val)
{
inp->exp_field = val;
return 0;
}
uint8_t
ed25519_cert_get_cert_key_type(ed25519_cert_t *inp)
{
return inp->cert_key_type;
}
int
ed25519_cert_set_cert_key_type(ed25519_cert_t *inp, uint8_t val)
{
inp->cert_key_type = val;
return 0;
}
size_t
ed25519_cert_getlen_certified_key(const ed25519_cert_t *inp)
{
(void)inp; return 32;
}
uint8_t
ed25519_cert_get_certified_key(const ed25519_cert_t *inp, size_t idx)
{
trunnel_assert(idx < 32);
return inp->certified_key[idx];
}
int
ed25519_cert_set_certified_key(ed25519_cert_t *inp, size_t idx, uint8_t elt)
{
trunnel_assert(idx < 32);
inp->certified_key[idx] = elt;
return 0;
}
uint8_t *
ed25519_cert_getarray_certified_key(ed25519_cert_t *inp)
{
return inp->certified_key;
}
uint8_t
ed25519_cert_get_n_extensions(ed25519_cert_t *inp)
{
return inp->n_extensions;
}
int
ed25519_cert_set_n_extensions(ed25519_cert_t *inp, uint8_t val)
{
inp->n_extensions = val;
return 0;
}
size_t
ed25519_cert_getlen_ext(const ed25519_cert_t *inp)
{
return TRUNNEL_DYNARRAY_LEN(&inp->ext);
}
struct ed25519_cert_extension_st *
ed25519_cert_get_ext(ed25519_cert_t *inp, size_t idx)
{
return TRUNNEL_DYNARRAY_GET(&inp->ext, idx);
}
int
ed25519_cert_set_ext(ed25519_cert_t *inp, size_t idx, struct ed25519_cert_extension_st * elt)
{
ed25519_cert_extension_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->ext, idx);
if (oldval && oldval != elt)
ed25519_cert_extension_free(oldval);
return ed25519_cert_set0_ext(inp, idx, elt);
}
int
ed25519_cert_set0_ext(ed25519_cert_t *inp, size_t idx, struct ed25519_cert_extension_st * elt)
{
TRUNNEL_DYNARRAY_SET(&inp->ext, idx, elt);
return 0;
}
int
ed25519_cert_add_ext(ed25519_cert_t *inp, struct ed25519_cert_extension_st * elt)
{
#if SIZE_MAX >= UINT8_MAX
if (inp->ext.n_ == UINT8_MAX)
goto trunnel_alloc_failed;
#endif
TRUNNEL_DYNARRAY_ADD(struct ed25519_cert_extension_st *, &inp->ext, elt, {});
return 0;
trunnel_alloc_failed:
TRUNNEL_SET_ERROR_CODE(inp);
return -1;
}
struct ed25519_cert_extension_st * *
ed25519_cert_getarray_ext(ed25519_cert_t *inp)
{
return inp->ext.elts_;
}
int
ed25519_cert_setlen_ext(ed25519_cert_t *inp, size_t newlen)
{
struct ed25519_cert_extension_st * *newptr;
#if UINT8_MAX < SIZE_MAX
if (newlen > UINT8_MAX)
goto trunnel_alloc_failed;
#endif
newptr = trunnel_dynarray_setlen(&inp->ext.allocated_,
&inp->ext.n_, inp->ext.elts_, newlen,
sizeof(inp->ext.elts_[0]), (trunnel_free_fn_t) ed25519_cert_extension_free,
&inp->trunnel_error_code_);
if (newptr == NULL)
goto trunnel_alloc_failed;
inp->ext.elts_ = newptr;
return 0;
trunnel_alloc_failed:
TRUNNEL_SET_ERROR_CODE(inp);
return -1;
}
size_t
ed25519_cert_getlen_signature(const ed25519_cert_t *inp)
{
(void)inp; return 64;
}
uint8_t
ed25519_cert_get_signature(const ed25519_cert_t *inp, size_t idx)
{
trunnel_assert(idx < 64);
return inp->signature[idx];
}
int
ed25519_cert_set_signature(ed25519_cert_t *inp, size_t idx, uint8_t elt)
{
trunnel_assert(idx < 64);
inp->signature[idx] = elt;
return 0;
}
uint8_t *
ed25519_cert_getarray_signature(ed25519_cert_t *inp)
{
return inp->signature;
}
const char *
ed25519_cert_check(const ed25519_cert_t *obj)
{
if (obj == NULL)
return "Object was NULL";
if (obj->trunnel_error_code_)
return "A set function failed on this object";
if (! (obj->version == 1))
return "Integer out of bounds";
{
const char *msg;
unsigned idx;
for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->ext); ++idx) {
if (NULL != (msg = ed25519_cert_extension_check(TRUNNEL_DYNARRAY_GET(&obj->ext, idx))))
return msg;
}
}
if (TRUNNEL_DYNARRAY_LEN(&obj->ext) != obj->n_extensions)
return "Length mismatch for ext";
return NULL;
}
ssize_t
ed25519_cert_encoded_len(const ed25519_cert_t *obj)
{
ssize_t result = 0;
if (NULL != ed25519_cert_check(obj))
return -1;
/* Length of u8 version IN [1] */
result += 1;
/* Length of u8 cert_type */
result += 1;
/* Length of u32 exp_field */
result += 4;
/* Length of u8 cert_key_type */
result += 1;
/* Length of u8 certified_key[32] */
result += 32;
/* Length of u8 n_extensions */
result += 1;
/* Length of struct ed25519_cert_extension ext[n_extensions] */
{
unsigned idx;
for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->ext); ++idx) {
result += ed25519_cert_extension_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->ext, idx));
}
}
/* Length of u8 signature[64] */
result += 64;
return result;
}
int
ed25519_cert_clear_errors(ed25519_cert_t *obj)
{
int r = obj->trunnel_error_code_;
obj->trunnel_error_code_ = 0;
return r;
}
ssize_t
ed25519_cert_encode(uint8_t *output, const size_t avail, const ed25519_cert_t *obj)
{
ssize_t result = 0;
size_t written = 0;
uint8_t *ptr = output;
const char *msg;
#ifdef TRUNNEL_CHECK_ENCODED_LEN
const ssize_t encoded_len = ed25519_cert_encoded_len(obj);
#endif
if (NULL != (msg = ed25519_cert_check(obj)))
goto check_failed;
#ifdef TRUNNEL_CHECK_ENCODED_LEN
trunnel_assert(encoded_len >= 0);
#endif
/* Encode u8 version IN [1] */
trunnel_assert(written <= avail);
if (avail - written < 1)
goto truncated;
trunnel_set_uint8(ptr, (obj->version));
written += 1; ptr += 1;
/* Encode u8 cert_type */
trunnel_assert(written <= avail);
if (avail - written < 1)
goto truncated;
trunnel_set_uint8(ptr, (obj->cert_type));
written += 1; ptr += 1;
/* Encode u32 exp_field */
trunnel_assert(written <= avail);
if (avail - written < 4)
goto truncated;
trunnel_set_uint32(ptr, trunnel_htonl(obj->exp_field));
written += 4; ptr += 4;
/* Encode u8 cert_key_type */
trunnel_assert(written <= avail);
if (avail - written < 1)
goto truncated;
trunnel_set_uint8(ptr, (obj->cert_key_type));
written += 1; ptr += 1;
/* Encode u8 certified_key[32] */
trunnel_assert(written <= avail);
if (avail - written < 32)
goto truncated;
memcpy(ptr, obj->certified_key, 32);
written += 32; ptr += 32;
/* Encode u8 n_extensions */
trunnel_assert(written <= avail);
if (avail - written < 1)
goto truncated;
trunnel_set_uint8(ptr, (obj->n_extensions));
written += 1; ptr += 1;
/* Encode struct ed25519_cert_extension ext[n_extensions] */
{
unsigned idx;
for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->ext); ++idx) {
trunnel_assert(written <= avail);
result = ed25519_cert_extension_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->ext, idx));
if (result < 0)
goto fail; /* XXXXXXX !*/
written += result; ptr += result;
}
}
/* Encode u8 signature[64] */
trunnel_assert(written <= avail);
if (avail - written < 64)
goto truncated;
memcpy(ptr, obj->signature, 64);
written += 64; ptr += 64;
trunnel_assert(ptr == output + written);
#ifdef TRUNNEL_CHECK_ENCODED_LEN
{
trunnel_assert(encoded_len >= 0);
trunnel_assert((size_t)encoded_len == written);
}
#endif
return written;
truncated:
result = -2;
goto fail;
check_failed:
(void)msg;
result = -1;
goto fail;
fail:
trunnel_assert(result < 0);
return result;
}
/** As ed25519_cert_parse(), but do not allocate the output object.
*/
static ssize_t
ed25519_cert_parse_into(ed25519_cert_t *obj, const uint8_t *input, const size_t len_in)
{
const uint8_t *ptr = input;
size_t remaining = len_in;
ssize_t result = 0;
(void)result;
/* Parse u8 version IN [1] */
CHECK_REMAINING(1, truncated);
obj->version = (trunnel_get_uint8(ptr));
remaining -= 1; ptr += 1;
if (! (obj->version == 1))
goto fail;
/* Parse u8 cert_type */
CHECK_REMAINING(1, truncated);
obj->cert_type = (trunnel_get_uint8(ptr));
remaining -= 1; ptr += 1;
/* Parse u32 exp_field */
CHECK_REMAINING(4, truncated);
obj->exp_field = trunnel_ntohl(trunnel_get_uint32(ptr));
remaining -= 4; ptr += 4;
/* Parse u8 cert_key_type */
CHECK_REMAINING(1, truncated);
obj->cert_key_type = (trunnel_get_uint8(ptr));
remaining -= 1; ptr += 1;
/* Parse u8 certified_key[32] */
CHECK_REMAINING(32, truncated);
memcpy(obj->certified_key, ptr, 32);
remaining -= 32; ptr += 32;
/* Parse u8 n_extensions */
CHECK_REMAINING(1, truncated);
obj->n_extensions = (trunnel_get_uint8(ptr));
remaining -= 1; ptr += 1;
/* Parse struct ed25519_cert_extension ext[n_extensions] */
TRUNNEL_DYNARRAY_EXPAND(ed25519_cert_extension_t *, &obj->ext, obj->n_extensions, {});
{
ed25519_cert_extension_t * elt;
unsigned idx;
for (idx = 0; idx < obj->n_extensions; ++idx) {
result = ed25519_cert_extension_parse(&elt, ptr, remaining);
if (result < 0)
goto relay_fail;
trunnel_assert((size_t)result <= remaining);
remaining -= result; ptr += result;
TRUNNEL_DYNARRAY_ADD(ed25519_cert_extension_t *, &obj->ext, elt, {ed25519_cert_extension_free(elt);});
}
}
/* Parse u8 signature[64] */
CHECK_REMAINING(64, truncated);
memcpy(obj->signature, ptr, 64);
remaining -= 64; ptr += 64;
trunnel_assert(ptr + remaining == input + len_in);
return len_in - remaining;
truncated:
return -2;
relay_fail:
if (result >= 0) result = -1;
return result;
trunnel_alloc_failed:
return -1;
fail:
result = -1;
return result;
}
ssize_t
ed25519_cert_parse(ed25519_cert_t **output, const uint8_t *input, const size_t len_in)
{
ssize_t result;
*output = ed25519_cert_new();
if (NULL == *output)
return -1;
result = ed25519_cert_parse_into(*output, input, len_in);
if (result < 0) {
ed25519_cert_free(*output);
*output = NULL;
}
return result;
}

288
src/trunnel/ed25519_cert.h Normal file
View File

@ -0,0 +1,288 @@
/* ed25519_cert.h -- generated by by Trunnel v1.2.
* https://gitweb.torproject.org/trunnel.git
* You probably shouldn't edit this file.
*/
#ifndef TRUNNEL_ED25519_CERT_H
#define TRUNNEL_ED25519_CERT_H
#include <stdint.h>
#include "trunnel.h"
#define CERTEXT_SIGNED_WITH_KEY 4
#define CERTEXT_FLAG_AFFECTS_VALIDATION 1
#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_ED25519_CERT_EXTENSION)
struct ed25519_cert_extension_st {
uint16_t ext_length;
uint8_t ext_type;
uint8_t ext_flags;
uint8_t un_signing_key[32];
TRUNNEL_DYNARRAY_HEAD(, uint8_t) un_unparsed;
uint8_t trunnel_error_code_;
};
#endif
typedef struct ed25519_cert_extension_st ed25519_cert_extension_t;
#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_ED25519_CERT)
struct ed25519_cert_st {
uint8_t version;
uint8_t cert_type;
uint32_t exp_field;
uint8_t cert_key_type;
uint8_t certified_key[32];
uint8_t n_extensions;
TRUNNEL_DYNARRAY_HEAD(, struct ed25519_cert_extension_st *) ext;
uint8_t signature[64];
uint8_t trunnel_error_code_;
};
#endif
typedef struct ed25519_cert_st ed25519_cert_t;
/** Return a newly allocated ed25519_cert_extension with all elements
* set to zero.
*/
ed25519_cert_extension_t *ed25519_cert_extension_new(void);
/** Release all storage held by the ed25519_cert_extension in
* 'victim'. (Do nothing if 'victim' is NULL.)
*/
void ed25519_cert_extension_free(ed25519_cert_extension_t *victim);
/** Try to parse a ed25519_cert_extension from the buffer in 'input',
* using up to 'len_in' bytes from the input buffer. On success,
* return the number of bytes consumed and set *output to the newly
* allocated ed25519_cert_extension_t. On failure, return -2 if the
* input appears truncated, and -1 if the input is otherwise invalid.
*/
ssize_t ed25519_cert_extension_parse(ed25519_cert_extension_t **output, const uint8_t *input, const size_t len_in);
/** Return the number of bytes we expect to need to encode the
* ed25519_cert_extension in 'obj'. On failure, return a negative
* value. Note that this value may be an overestimate, and can even be
* an underestimate for certain unencodeable objects.
*/
ssize_t ed25519_cert_extension_encoded_len(const ed25519_cert_extension_t *obj);
/** Try to encode the ed25519_cert_extension from 'input' into the
* buffer at 'output', using up to 'avail' bytes of the output buffer.
* On success, return the number of bytes used. On failure, return -2
* if the buffer was not long enough, and -1 if the input was invalid.
*/
ssize_t ed25519_cert_extension_encode(uint8_t *output, const size_t avail, const ed25519_cert_extension_t *input);
/** Check whether the internal state of the ed25519_cert_extension in
* 'obj' is consistent. Return NULL if it is, and a short message if
* it is not.
*/
const char *ed25519_cert_extension_check(const ed25519_cert_extension_t *obj);
/** Clear any errors that were set on the object 'obj' by its setter
* functions. Return true iff errors were cleared.
*/
int ed25519_cert_extension_clear_errors(ed25519_cert_extension_t *obj);
/** Return the value of the ext_length field of the
* ed25519_cert_extension_t in 'inp'
*/
uint16_t ed25519_cert_extension_get_ext_length(ed25519_cert_extension_t *inp);
/** Set the value of the ext_length field of the
* ed25519_cert_extension_t in 'inp' to 'val'. Return 0 on success;
* return -1 and set the error code on 'inp' on failure.
*/
int ed25519_cert_extension_set_ext_length(ed25519_cert_extension_t *inp, uint16_t val);
/** Return the value of the ext_type field of the
* ed25519_cert_extension_t in 'inp'
*/
uint8_t ed25519_cert_extension_get_ext_type(ed25519_cert_extension_t *inp);
/** Set the value of the ext_type field of the
* ed25519_cert_extension_t in 'inp' to 'val'. Return 0 on success;
* return -1 and set the error code on 'inp' on failure.
*/
int ed25519_cert_extension_set_ext_type(ed25519_cert_extension_t *inp, uint8_t val);
/** Return the value of the ext_flags field of the
* ed25519_cert_extension_t in 'inp'
*/
uint8_t ed25519_cert_extension_get_ext_flags(ed25519_cert_extension_t *inp);
/** Set the value of the ext_flags field of the
* ed25519_cert_extension_t in 'inp' to 'val'. Return 0 on success;
* return -1 and set the error code on 'inp' on failure.
*/
int ed25519_cert_extension_set_ext_flags(ed25519_cert_extension_t *inp, uint8_t val);
/** Return the (constant) length of the array holding the
* un_signing_key field of the ed25519_cert_extension_t in 'inp'.
*/
size_t ed25519_cert_extension_getlen_un_signing_key(const ed25519_cert_extension_t *inp);
/** Return the element at position 'idx' of the fixed array field
* un_signing_key of the ed25519_cert_extension_t in 'inp'.
*/
uint8_t ed25519_cert_extension_get_un_signing_key(const ed25519_cert_extension_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field
* un_signing_key of the ed25519_cert_extension_t in 'inp', so that it
* will hold the value 'elt'.
*/
int ed25519_cert_extension_set_un_signing_key(ed25519_cert_extension_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 32-element array field un_signing_key of
* 'inp'.
*/
uint8_t * ed25519_cert_extension_getarray_un_signing_key(ed25519_cert_extension_t *inp);
/** Return the length of the dynamic array holding the un_unparsed
* field of the ed25519_cert_extension_t in 'inp'.
*/
size_t ed25519_cert_extension_getlen_un_unparsed(const ed25519_cert_extension_t *inp);
/** Return the element at position 'idx' of the dynamic array field
* un_unparsed of the ed25519_cert_extension_t in 'inp'.
*/
uint8_t ed25519_cert_extension_get_un_unparsed(ed25519_cert_extension_t *inp, size_t idx);
/** Change the element at position 'idx' of the dynamic array field
* un_unparsed of the ed25519_cert_extension_t in 'inp', so that it
* will hold the value 'elt'.
*/
int ed25519_cert_extension_set_un_unparsed(ed25519_cert_extension_t *inp, size_t idx, uint8_t elt);
/** Append a new element 'elt' to the dynamic array field un_unparsed
* of the ed25519_cert_extension_t in 'inp'.
*/
int ed25519_cert_extension_add_un_unparsed(ed25519_cert_extension_t *inp, uint8_t elt);
/** Return a pointer to the variable-length array field un_unparsed of
* 'inp'.
*/
uint8_t * ed25519_cert_extension_getarray_un_unparsed(ed25519_cert_extension_t *inp);
/** Change the length of the variable-length array field un_unparsed
* of 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on
* success; return -1 and set the error code on 'inp' on failure.
*/
int ed25519_cert_extension_setlen_un_unparsed(ed25519_cert_extension_t *inp, size_t newlen);
/** Return a newly allocated ed25519_cert with all elements set to
* zero.
*/
ed25519_cert_t *ed25519_cert_new(void);
/** Release all storage held by the ed25519_cert in 'victim'. (Do
* nothing if 'victim' is NULL.)
*/
void ed25519_cert_free(ed25519_cert_t *victim);
/** Try to parse a ed25519_cert from the buffer in 'input', using up
* to 'len_in' bytes from the input buffer. On success, return the
* number of bytes consumed and set *output to the newly allocated
* ed25519_cert_t. On failure, return -2 if the input appears
* truncated, and -1 if the input is otherwise invalid.
*/
ssize_t ed25519_cert_parse(ed25519_cert_t **output, const uint8_t *input, const size_t len_in);
/** Return the number of bytes we expect to need to encode the
* ed25519_cert in 'obj'. On failure, return a negative value. Note
* that this value may be an overestimate, and can even be an
* underestimate for certain unencodeable objects.
*/
ssize_t ed25519_cert_encoded_len(const ed25519_cert_t *obj);
/** Try to encode the ed25519_cert from 'input' into the buffer at
* 'output', using up to 'avail' bytes of the output buffer. On
* success, return the number of bytes used. On failure, return -2 if
* the buffer was not long enough, and -1 if the input was invalid.
*/
ssize_t ed25519_cert_encode(uint8_t *output, const size_t avail, const ed25519_cert_t *input);
/** Check whether the internal state of the ed25519_cert in 'obj' is
* consistent. Return NULL if it is, and a short message if it is not.
*/
const char *ed25519_cert_check(const ed25519_cert_t *obj);
/** Clear any errors that were set on the object 'obj' by its setter
* functions. Return true iff errors were cleared.
*/
int ed25519_cert_clear_errors(ed25519_cert_t *obj);
/** Return the value of the version field of the ed25519_cert_t in
* 'inp'
*/
uint8_t ed25519_cert_get_version(ed25519_cert_t *inp);
/** Set the value of the version field of the ed25519_cert_t in 'inp'
* to 'val'. Return 0 on success; return -1 and set the error code on
* 'inp' on failure.
*/
int ed25519_cert_set_version(ed25519_cert_t *inp, uint8_t val);
/** Return the value of the cert_type field of the ed25519_cert_t in
* 'inp'
*/
uint8_t ed25519_cert_get_cert_type(ed25519_cert_t *inp);
/** Set the value of the cert_type field of the ed25519_cert_t in
* 'inp' to 'val'. Return 0 on success; return -1 and set the error
* code on 'inp' on failure.
*/
int ed25519_cert_set_cert_type(ed25519_cert_t *inp, uint8_t val);
/** Return the value of the exp_field field of the ed25519_cert_t in
* 'inp'
*/
uint32_t ed25519_cert_get_exp_field(ed25519_cert_t *inp);
/** Set the value of the exp_field field of the ed25519_cert_t in
* 'inp' to 'val'. Return 0 on success; return -1 and set the error
* code on 'inp' on failure.
*/
int ed25519_cert_set_exp_field(ed25519_cert_t *inp, uint32_t val);
/** Return the value of the cert_key_type field of the ed25519_cert_t
* in 'inp'
*/
uint8_t ed25519_cert_get_cert_key_type(ed25519_cert_t *inp);
/** Set the value of the cert_key_type field of the ed25519_cert_t in
* 'inp' to 'val'. Return 0 on success; return -1 and set the error
* code on 'inp' on failure.
*/
int ed25519_cert_set_cert_key_type(ed25519_cert_t *inp, uint8_t val);
/** Return the (constant) length of the array holding the
* certified_key field of the ed25519_cert_t in 'inp'.
*/
size_t ed25519_cert_getlen_certified_key(const ed25519_cert_t *inp);
/** Return the element at position 'idx' of the fixed array field
* certified_key of the ed25519_cert_t in 'inp'.
*/
uint8_t ed25519_cert_get_certified_key(const ed25519_cert_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field
* certified_key of the ed25519_cert_t in 'inp', so that it will hold
* the value 'elt'.
*/
int ed25519_cert_set_certified_key(ed25519_cert_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 32-element array field certified_key of
* 'inp'.
*/
uint8_t * ed25519_cert_getarray_certified_key(ed25519_cert_t *inp);
/** Return the value of the n_extensions field of the ed25519_cert_t
* in 'inp'
*/
uint8_t ed25519_cert_get_n_extensions(ed25519_cert_t *inp);
/** Set the value of the n_extensions field of the ed25519_cert_t in
* 'inp' to 'val'. Return 0 on success; return -1 and set the error
* code on 'inp' on failure.
*/
int ed25519_cert_set_n_extensions(ed25519_cert_t *inp, uint8_t val);
/** Return the length of the dynamic array holding the ext field of
* the ed25519_cert_t in 'inp'.
*/
size_t ed25519_cert_getlen_ext(const ed25519_cert_t *inp);
/** Return the element at position 'idx' of the dynamic array field
* ext of the ed25519_cert_t in 'inp'.
*/
struct ed25519_cert_extension_st * ed25519_cert_get_ext(ed25519_cert_t *inp, size_t idx);
/** Change the element at position 'idx' of the dynamic array field
* ext of the ed25519_cert_t in 'inp', so that it will hold the value
* 'elt'. Free the previous value, if any.
*/
int ed25519_cert_set_ext(ed25519_cert_t *inp, size_t idx, struct ed25519_cert_extension_st * elt);
/** As ed25519_cert_set_ext, but does not free the previous value.
*/
int ed25519_cert_set0_ext(ed25519_cert_t *inp, size_t idx, struct ed25519_cert_extension_st * elt);
/** Append a new element 'elt' to the dynamic array field ext of the
* ed25519_cert_t in 'inp'.
*/
int ed25519_cert_add_ext(ed25519_cert_t *inp, struct ed25519_cert_extension_st * elt);
/** Return a pointer to the variable-length array field ext of 'inp'.
*/
struct ed25519_cert_extension_st * * ed25519_cert_getarray_ext(ed25519_cert_t *inp);
/** Change the length of the variable-length array field ext of 'inp'
* to 'newlen'.Fill extra elements with NULL; free removed elements.
* Return 0 on success; return -1 and set the error code on 'inp' on
* failure.
*/
int ed25519_cert_setlen_ext(ed25519_cert_t *inp, size_t newlen);
/** Return the (constant) length of the array holding the signature
* field of the ed25519_cert_t in 'inp'.
*/
size_t ed25519_cert_getlen_signature(const ed25519_cert_t *inp);
/** Return the element at position 'idx' of the fixed array field
* signature of the ed25519_cert_t in 'inp'.
*/
uint8_t ed25519_cert_get_signature(const ed25519_cert_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field
* signature of the ed25519_cert_t in 'inp', so that it will hold the
* value 'elt'.
*/
int ed25519_cert_set_signature(ed25519_cert_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 64-element array field signature of 'inp'.
*/
uint8_t * ed25519_cert_getarray_signature(ed25519_cert_t *inp);
#endif

View File

@ -0,0 +1,76 @@
struct ed25519_cert {
u8 version IN [1];
u8 cert_type;
u32 exp_field;
u8 cert_key_type;
u8 certified_key[32];
u8 n_extensions;
struct ed25519_cert_extension ext[n_extensions];
u8 signature[64];
}
const CERTEXT_SIGNED_WITH_KEY = 4;
const CERTEXT_FLAG_AFFECTS_VALIDATION = 1;
struct ed25519_cert_extension {
u16 ext_length;
u8 ext_type;
u8 ext_flags;
union un[ext_type] with length ext_length {
CERTEXT_SIGNED_WITH_KEY : u8 signing_key[32];
default: u8 unparsed[];
};
}
/*
struct cert_revocation {
u8 prefix[8];
u8 version IN [1];
u8 keytype;
u8 identity_key[32];
u8 revoked_key[32];
u64 published;
u8 n_extensions;
struct cert_extension ext[n_extensions];
u8 signature[64];
}
struct crosscert_ed_rsa {
u8 ed_key[32];
u32 expiration_date;
u8 signature[128];
}
struct auth02_cell {
u8 type[8];
u8 cid[32];
u8 sid[32];
u8 cid_ed[32];
u8 sid_ed[32];
u8 slog[32];
u8 clog[32];
u8 scert[32];
u8 tlssecrets[32];
u8 rand[24];
u8 sig[64];
}
const LS_IPV4 = 0x00;
const LS_IPV6 = 0x01;
const LS_LEGACY_ID = 0x02;
const LS_ED25519_ID = 0x03;
// amended from tor.trunnel
struct link_specifier {
u8 ls_type;
u8 ls_len;
union un[ls_type] with length ls_len {
LS_IPV4: u32 ipv4_addr; u16 ipv4_port;
LS_IPV6: u8 ipv6_addr[16]; u16 ipv6_port;
LS_LEGACY_ID: u8 legacy_id[20];
LS_ED25519_ID: u8 ed25519_id[32];
default: u8 unrecognized[];
};
}
*/

View File

@ -9,15 +9,24 @@ endif
AM_CPPFLAGS += -I$(srcdir)/src/ext/trunnel -I$(srcdir)/src/trunnel
TRUNNELINPUTS = \
src/trunnel/ed25519_cert.trunnel \
src/trunnel/link_handshake.trunnel \
src/trunnel/pwbox.trunnel
TRUNNELSOURCES = \
src/ext/trunnel/trunnel.c \
src/trunnel/pwbox.c
src/ext/trunnel/trunnel.c \
src/trunnel/ed25519_cert.c \
src/trunnel/link_handshake.c \
src/trunnel/pwbox.c
TRUNNELHEADERS = \
src/ext/trunnel/trunnel.h \
src/ext/trunnel/trunnel-impl.h \
src/trunnel/trunnel-local.h \
src/trunnel/pwbox.h
src/ext/trunnel/trunnel.h \
src/ext/trunnel/trunnel-impl.h \
src/trunnel/trunnel-local.h \
src/trunnel/ed25519_cert.h \
src/trunnel/link_handshake.h \
src/trunnel/pwbox.h
src_trunnel_libor_trunnel_a_SOURCES = $(TRUNNELSOURCES)
src_trunnel_libor_trunnel_a_CPPFLAGS = -DTRUNNEL_LOCAL_H $(AM_CPPFLAGS)

1885
src/trunnel/link_handshake.c Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,654 @@
/* link_handshake.h -- generated by by Trunnel v1.4-pre.
* https://gitweb.torproject.org/trunnel.git
* You probably shouldn't edit this file.
*/
#ifndef TRUNNEL_LINK_HANDSHAKE_H
#define TRUNNEL_LINK_HANDSHAKE_H
#include <stdint.h>
#include "trunnel.h"
#define CERTTYPE_RSA1024_ID_LINK 1
#define CERTTYPE_RSA1024_ID_ID 2
#define CERTTYPE_RSA1024_ID_AUTH 3
#define CERTTYPE_ED_ID_SIGN 4
#define CERTTYPE_ED_SIGN_LINK 5
#define CERTTYPE_ED_SIGN_AUTH 6
#define CERTTYPE_RSA1024_ID_EDID 7
#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_AUTH_CHALLENGE_CELL)
struct auth_challenge_cell_st {
uint8_t challenge[32];
uint16_t n_methods;
TRUNNEL_DYNARRAY_HEAD(, uint16_t) methods;
uint8_t trunnel_error_code_;
};
#endif
typedef struct auth_challenge_cell_st auth_challenge_cell_t;
#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_AUTH_CTX)
struct auth_ctx_st {
uint8_t is_ed;
uint8_t trunnel_error_code_;
};
#endif
typedef struct auth_ctx_st auth_ctx_t;
#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_CERTS_CELL_CERT)
struct certs_cell_cert_st {
uint8_t cert_type;
uint16_t cert_len;
TRUNNEL_DYNARRAY_HEAD(, uint8_t) body;
uint8_t trunnel_error_code_;
};
#endif
typedef struct certs_cell_cert_st certs_cell_cert_t;
#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_RSA_ED_CROSSCERT)
struct rsa_ed_crosscert_st {
uint8_t ed_key[32];
uint32_t expiration;
const uint8_t *end_of_signed;
uint8_t sig_len;
TRUNNEL_DYNARRAY_HEAD(, uint8_t) sig;
uint8_t trunnel_error_code_;
};
#endif
typedef struct rsa_ed_crosscert_st rsa_ed_crosscert_t;
#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_AUTH1)
struct auth1_st {
uint8_t type[8];
uint8_t cid[32];
uint8_t sid[32];
uint8_t u1_cid_ed[32];
uint8_t u1_sid_ed[32];
uint8_t slog[32];
uint8_t clog[32];
uint8_t scert[32];
uint8_t tlssecrets[32];
const uint8_t *end_of_fixed_part;
uint8_t rand[24];
const uint8_t *end_of_signed;
TRUNNEL_DYNARRAY_HEAD(, uint8_t) sig;
uint8_t trunnel_error_code_;
};
#endif
typedef struct auth1_st auth1_t;
#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_CERTS_CELL)
struct certs_cell_st {
uint8_t n_certs;
TRUNNEL_DYNARRAY_HEAD(, struct certs_cell_cert_st *) certs;
uint8_t trunnel_error_code_;
};
#endif
typedef struct certs_cell_st certs_cell_t;
/** Return a newly allocated auth_challenge_cell with all elements set
* to zero.
*/
auth_challenge_cell_t *auth_challenge_cell_new(void);
/** Release all storage held by the auth_challenge_cell in 'victim'.
* (Do nothing if 'victim' is NULL.)
*/
void auth_challenge_cell_free(auth_challenge_cell_t *victim);
/** Try to parse a auth_challenge_cell from the buffer in 'input',
* using up to 'len_in' bytes from the input buffer. On success,
* return the number of bytes consumed and set *output to the newly
* allocated auth_challenge_cell_t. On failure, return -2 if the input
* appears truncated, and -1 if the input is otherwise invalid.
*/
ssize_t auth_challenge_cell_parse(auth_challenge_cell_t **output, const uint8_t *input, const size_t len_in);
/** Return the number of bytes we expect to need to encode the
* auth_challenge_cell in 'obj'. On failure, return a negative value.
* Note that this value may be an overestimate, and can even be an
* underestimate for certain unencodeable objects.
*/
ssize_t auth_challenge_cell_encoded_len(const auth_challenge_cell_t *obj);
/** Try to encode the auth_challenge_cell from 'input' into the buffer
* at 'output', using up to 'avail' bytes of the output buffer. On
* success, return the number of bytes used. On failure, return -2 if
* the buffer was not long enough, and -1 if the input was invalid.
*/
ssize_t auth_challenge_cell_encode(uint8_t *output, const size_t avail, const auth_challenge_cell_t *input);
/** Check whether the internal state of the auth_challenge_cell in
* 'obj' is consistent. Return NULL if it is, and a short message if
* it is not.
*/
const char *auth_challenge_cell_check(const auth_challenge_cell_t *obj);
/** Clear any errors that were set on the object 'obj' by its setter
* functions. Return true iff errors were cleared.
*/
int auth_challenge_cell_clear_errors(auth_challenge_cell_t *obj);
/** Return the (constant) length of the array holding the challenge
* field of the auth_challenge_cell_t in 'inp'.
*/
size_t auth_challenge_cell_getlen_challenge(const auth_challenge_cell_t *inp);
/** Return the element at position 'idx' of the fixed array field
* challenge of the auth_challenge_cell_t in 'inp'.
*/
uint8_t auth_challenge_cell_get_challenge(const auth_challenge_cell_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field
* challenge of the auth_challenge_cell_t in 'inp', so that it will
* hold the value 'elt'.
*/
int auth_challenge_cell_set_challenge(auth_challenge_cell_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 32-element array field challenge of 'inp'.
*/
uint8_t * auth_challenge_cell_getarray_challenge(auth_challenge_cell_t *inp);
/** Return the value of the n_methods field of the
* auth_challenge_cell_t in 'inp'
*/
uint16_t auth_challenge_cell_get_n_methods(auth_challenge_cell_t *inp);
/** Set the value of the n_methods field of the auth_challenge_cell_t
* in 'inp' to 'val'. Return 0 on success; return -1 and set the error
* code on 'inp' on failure.
*/
int auth_challenge_cell_set_n_methods(auth_challenge_cell_t *inp, uint16_t val);
/** Return the length of the dynamic array holding the methods field
* of the auth_challenge_cell_t in 'inp'.
*/
size_t auth_challenge_cell_getlen_methods(const auth_challenge_cell_t *inp);
/** Return the element at position 'idx' of the dynamic array field
* methods of the auth_challenge_cell_t in 'inp'.
*/
uint16_t auth_challenge_cell_get_methods(auth_challenge_cell_t *inp, size_t idx);
/** Change the element at position 'idx' of the dynamic array field
* methods of the auth_challenge_cell_t in 'inp', so that it will hold
* the value 'elt'.
*/
int auth_challenge_cell_set_methods(auth_challenge_cell_t *inp, size_t idx, uint16_t elt);
/** Append a new element 'elt' to the dynamic array field methods of
* the auth_challenge_cell_t in 'inp'.
*/
int auth_challenge_cell_add_methods(auth_challenge_cell_t *inp, uint16_t elt);
/** Return a pointer to the variable-length array field methods of
* 'inp'.
*/
uint16_t * auth_challenge_cell_getarray_methods(auth_challenge_cell_t *inp);
/** Change the length of the variable-length array field methods of
* 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success;
* return -1 and set the error code on 'inp' on failure.
*/
int auth_challenge_cell_setlen_methods(auth_challenge_cell_t *inp, size_t newlen);
/** Return a newly allocated auth_ctx with all elements set to zero.
*/
auth_ctx_t *auth_ctx_new(void);
/** Release all storage held by the auth_ctx in 'victim'. (Do nothing
* if 'victim' is NULL.)
*/
void auth_ctx_free(auth_ctx_t *victim);
/** Return the value of the is_ed field of the auth_ctx_t in 'inp'
*/
uint8_t auth_ctx_get_is_ed(auth_ctx_t *inp);
/** Set the value of the is_ed field of the auth_ctx_t in 'inp' to
* 'val'. Return 0 on success; return -1 and set the error code on
* 'inp' on failure.
*/
int auth_ctx_set_is_ed(auth_ctx_t *inp, uint8_t val);
/** Return a newly allocated certs_cell_cert with all elements set to
* zero.
*/
certs_cell_cert_t *certs_cell_cert_new(void);
/** Release all storage held by the certs_cell_cert in 'victim'. (Do
* nothing if 'victim' is NULL.)
*/
void certs_cell_cert_free(certs_cell_cert_t *victim);
/** Try to parse a certs_cell_cert from the buffer in 'input', using
* up to 'len_in' bytes from the input buffer. On success, return the
* number of bytes consumed and set *output to the newly allocated
* certs_cell_cert_t. On failure, return -2 if the input appears
* truncated, and -1 if the input is otherwise invalid.
*/
ssize_t certs_cell_cert_parse(certs_cell_cert_t **output, const uint8_t *input, const size_t len_in);
/** Return the number of bytes we expect to need to encode the
* certs_cell_cert in 'obj'. On failure, return a negative value. Note
* that this value may be an overestimate, and can even be an
* underestimate for certain unencodeable objects.
*/
ssize_t certs_cell_cert_encoded_len(const certs_cell_cert_t *obj);
/** Try to encode the certs_cell_cert from 'input' into the buffer at
* 'output', using up to 'avail' bytes of the output buffer. On
* success, return the number of bytes used. On failure, return -2 if
* the buffer was not long enough, and -1 if the input was invalid.
*/
ssize_t certs_cell_cert_encode(uint8_t *output, const size_t avail, const certs_cell_cert_t *input);
/** Check whether the internal state of the certs_cell_cert in 'obj'
* is consistent. Return NULL if it is, and a short message if it is
* not.
*/
const char *certs_cell_cert_check(const certs_cell_cert_t *obj);
/** Clear any errors that were set on the object 'obj' by its setter
* functions. Return true iff errors were cleared.
*/
int certs_cell_cert_clear_errors(certs_cell_cert_t *obj);
/** Return the value of the cert_type field of the certs_cell_cert_t
* in 'inp'
*/
uint8_t certs_cell_cert_get_cert_type(certs_cell_cert_t *inp);
/** Set the value of the cert_type field of the certs_cell_cert_t in
* 'inp' to 'val'. Return 0 on success; return -1 and set the error
* code on 'inp' on failure.
*/
int certs_cell_cert_set_cert_type(certs_cell_cert_t *inp, uint8_t val);
/** Return the value of the cert_len field of the certs_cell_cert_t in
* 'inp'
*/
uint16_t certs_cell_cert_get_cert_len(certs_cell_cert_t *inp);
/** Set the value of the cert_len field of the certs_cell_cert_t in
* 'inp' to 'val'. Return 0 on success; return -1 and set the error
* code on 'inp' on failure.
*/
int certs_cell_cert_set_cert_len(certs_cell_cert_t *inp, uint16_t val);
/** Return the length of the dynamic array holding the body field of
* the certs_cell_cert_t in 'inp'.
*/
size_t certs_cell_cert_getlen_body(const certs_cell_cert_t *inp);
/** Return the element at position 'idx' of the dynamic array field
* body of the certs_cell_cert_t in 'inp'.
*/
uint8_t certs_cell_cert_get_body(certs_cell_cert_t *inp, size_t idx);
/** Change the element at position 'idx' of the dynamic array field
* body of the certs_cell_cert_t in 'inp', so that it will hold the
* value 'elt'.
*/
int certs_cell_cert_set_body(certs_cell_cert_t *inp, size_t idx, uint8_t elt);
/** Append a new element 'elt' to the dynamic array field body of the
* certs_cell_cert_t in 'inp'.
*/
int certs_cell_cert_add_body(certs_cell_cert_t *inp, uint8_t elt);
/** Return a pointer to the variable-length array field body of 'inp'.
*/
uint8_t * certs_cell_cert_getarray_body(certs_cell_cert_t *inp);
/** Change the length of the variable-length array field body of 'inp'
* to 'newlen'.Fill extra elements with 0. Return 0 on success; return
* -1 and set the error code on 'inp' on failure.
*/
int certs_cell_cert_setlen_body(certs_cell_cert_t *inp, size_t newlen);
/** Return a newly allocated rsa_ed_crosscert with all elements set to
* zero.
*/
rsa_ed_crosscert_t *rsa_ed_crosscert_new(void);
/** Release all storage held by the rsa_ed_crosscert in 'victim'. (Do
* nothing if 'victim' is NULL.)
*/
void rsa_ed_crosscert_free(rsa_ed_crosscert_t *victim);
/** Try to parse a rsa_ed_crosscert from the buffer in 'input', using
* up to 'len_in' bytes from the input buffer. On success, return the
* number of bytes consumed and set *output to the newly allocated
* rsa_ed_crosscert_t. On failure, return -2 if the input appears
* truncated, and -1 if the input is otherwise invalid.
*/
ssize_t rsa_ed_crosscert_parse(rsa_ed_crosscert_t **output, const uint8_t *input, const size_t len_in);
/** Return the number of bytes we expect to need to encode the
* rsa_ed_crosscert in 'obj'. On failure, return a negative value.
* Note that this value may be an overestimate, and can even be an
* underestimate for certain unencodeable objects.
*/
ssize_t rsa_ed_crosscert_encoded_len(const rsa_ed_crosscert_t *obj);
/** Try to encode the rsa_ed_crosscert from 'input' into the buffer at
* 'output', using up to 'avail' bytes of the output buffer. On
* success, return the number of bytes used. On failure, return -2 if
* the buffer was not long enough, and -1 if the input was invalid.
*/
ssize_t rsa_ed_crosscert_encode(uint8_t *output, const size_t avail, const rsa_ed_crosscert_t *input);
/** Check whether the internal state of the rsa_ed_crosscert in 'obj'
* is consistent. Return NULL if it is, and a short message if it is
* not.
*/
const char *rsa_ed_crosscert_check(const rsa_ed_crosscert_t *obj);
/** Clear any errors that were set on the object 'obj' by its setter
* functions. Return true iff errors were cleared.
*/
int rsa_ed_crosscert_clear_errors(rsa_ed_crosscert_t *obj);
/** Return the (constant) length of the array holding the ed_key field
* of the rsa_ed_crosscert_t in 'inp'.
*/
size_t rsa_ed_crosscert_getlen_ed_key(const rsa_ed_crosscert_t *inp);
/** Return the element at position 'idx' of the fixed array field
* ed_key of the rsa_ed_crosscert_t in 'inp'.
*/
uint8_t rsa_ed_crosscert_get_ed_key(const rsa_ed_crosscert_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field
* ed_key of the rsa_ed_crosscert_t in 'inp', so that it will hold the
* value 'elt'.
*/
int rsa_ed_crosscert_set_ed_key(rsa_ed_crosscert_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 32-element array field ed_key of 'inp'.
*/
uint8_t * rsa_ed_crosscert_getarray_ed_key(rsa_ed_crosscert_t *inp);
/** Return the value of the expiration field of the rsa_ed_crosscert_t
* in 'inp'
*/
uint32_t rsa_ed_crosscert_get_expiration(rsa_ed_crosscert_t *inp);
/** Set the value of the expiration field of the rsa_ed_crosscert_t in
* 'inp' to 'val'. Return 0 on success; return -1 and set the error
* code on 'inp' on failure.
*/
int rsa_ed_crosscert_set_expiration(rsa_ed_crosscert_t *inp, uint32_t val);
/** Return the position for end_of_signed when we parsed this object
*/
const uint8_t * rsa_ed_crosscert_get_end_of_signed(const rsa_ed_crosscert_t *inp);
/** Return the value of the sig_len field of the rsa_ed_crosscert_t in
* 'inp'
*/
uint8_t rsa_ed_crosscert_get_sig_len(rsa_ed_crosscert_t *inp);
/** Set the value of the sig_len field of the rsa_ed_crosscert_t in
* 'inp' to 'val'. Return 0 on success; return -1 and set the error
* code on 'inp' on failure.
*/
int rsa_ed_crosscert_set_sig_len(rsa_ed_crosscert_t *inp, uint8_t val);
/** Return the length of the dynamic array holding the sig field of
* the rsa_ed_crosscert_t in 'inp'.
*/
size_t rsa_ed_crosscert_getlen_sig(const rsa_ed_crosscert_t *inp);
/** Return the element at position 'idx' of the dynamic array field
* sig of the rsa_ed_crosscert_t in 'inp'.
*/
uint8_t rsa_ed_crosscert_get_sig(rsa_ed_crosscert_t *inp, size_t idx);
/** Change the element at position 'idx' of the dynamic array field
* sig of the rsa_ed_crosscert_t in 'inp', so that it will hold the
* value 'elt'.
*/
int rsa_ed_crosscert_set_sig(rsa_ed_crosscert_t *inp, size_t idx, uint8_t elt);
/** Append a new element 'elt' to the dynamic array field sig of the
* rsa_ed_crosscert_t in 'inp'.
*/
int rsa_ed_crosscert_add_sig(rsa_ed_crosscert_t *inp, uint8_t elt);
/** Return a pointer to the variable-length array field sig of 'inp'.
*/
uint8_t * rsa_ed_crosscert_getarray_sig(rsa_ed_crosscert_t *inp);
/** Change the length of the variable-length array field sig of 'inp'
* to 'newlen'.Fill extra elements with 0. Return 0 on success; return
* -1 and set the error code on 'inp' on failure.
*/
int rsa_ed_crosscert_setlen_sig(rsa_ed_crosscert_t *inp, size_t newlen);
/** Return a newly allocated auth1 with all elements set to zero.
*/
auth1_t *auth1_new(void);
/** Release all storage held by the auth1 in 'victim'. (Do nothing if
* 'victim' is NULL.)
*/
void auth1_free(auth1_t *victim);
/** Try to parse a auth1 from the buffer in 'input', using up to
* 'len_in' bytes from the input buffer. On success, return the number
* of bytes consumed and set *output to the newly allocated auth1_t.
* On failure, return -2 if the input appears truncated, and -1 if the
* input is otherwise invalid.
*/
ssize_t auth1_parse(auth1_t **output, const uint8_t *input, const size_t len_in, const auth_ctx_t *auth_ctx_ctx);
/** Return the number of bytes we expect to need to encode the auth1
* in 'obj'. On failure, return a negative value. Note that this value
* may be an overestimate, and can even be an underestimate for
* certain unencodeable objects.
*/
ssize_t auth1_encoded_len(const auth1_t *obj, const auth_ctx_t *auth_ctx_ctx);
/** Try to encode the auth1 from 'input' into the buffer at 'output',
* using up to 'avail' bytes of the output buffer. On success, return
* the number of bytes used. On failure, return -2 if the buffer was
* not long enough, and -1 if the input was invalid.
*/
ssize_t auth1_encode(uint8_t *output, const size_t avail, const auth1_t *input, const auth_ctx_t *auth_ctx_ctx);
/** Check whether the internal state of the auth1 in 'obj' is
* consistent. Return NULL if it is, and a short message if it is not.
*/
const char *auth1_check(const auth1_t *obj, const auth_ctx_t *auth_ctx_ctx);
/** Clear any errors that were set on the object 'obj' by its setter
* functions. Return true iff errors were cleared.
*/
int auth1_clear_errors(auth1_t *obj);
/** Return the (constant) length of the array holding the type field
* of the auth1_t in 'inp'.
*/
size_t auth1_getlen_type(const auth1_t *inp);
/** Return the element at position 'idx' of the fixed array field type
* of the auth1_t in 'inp'.
*/
uint8_t auth1_get_type(const auth1_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field type
* of the auth1_t in 'inp', so that it will hold the value 'elt'.
*/
int auth1_set_type(auth1_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 8-element array field type of 'inp'.
*/
uint8_t * auth1_getarray_type(auth1_t *inp);
/** Return the (constant) length of the array holding the cid field of
* the auth1_t in 'inp'.
*/
size_t auth1_getlen_cid(const auth1_t *inp);
/** Return the element at position 'idx' of the fixed array field cid
* of the auth1_t in 'inp'.
*/
uint8_t auth1_get_cid(const auth1_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field cid
* of the auth1_t in 'inp', so that it will hold the value 'elt'.
*/
int auth1_set_cid(auth1_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 32-element array field cid of 'inp'.
*/
uint8_t * auth1_getarray_cid(auth1_t *inp);
/** Return the (constant) length of the array holding the sid field of
* the auth1_t in 'inp'.
*/
size_t auth1_getlen_sid(const auth1_t *inp);
/** Return the element at position 'idx' of the fixed array field sid
* of the auth1_t in 'inp'.
*/
uint8_t auth1_get_sid(const auth1_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field sid
* of the auth1_t in 'inp', so that it will hold the value 'elt'.
*/
int auth1_set_sid(auth1_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 32-element array field sid of 'inp'.
*/
uint8_t * auth1_getarray_sid(auth1_t *inp);
/** Return the (constant) length of the array holding the u1_cid_ed
* field of the auth1_t in 'inp'.
*/
size_t auth1_getlen_u1_cid_ed(const auth1_t *inp);
/** Return the element at position 'idx' of the fixed array field
* u1_cid_ed of the auth1_t in 'inp'.
*/
uint8_t auth1_get_u1_cid_ed(const auth1_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field
* u1_cid_ed of the auth1_t in 'inp', so that it will hold the value
* 'elt'.
*/
int auth1_set_u1_cid_ed(auth1_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 32-element array field u1_cid_ed of 'inp'.
*/
uint8_t * auth1_getarray_u1_cid_ed(auth1_t *inp);
/** Return the (constant) length of the array holding the u1_sid_ed
* field of the auth1_t in 'inp'.
*/
size_t auth1_getlen_u1_sid_ed(const auth1_t *inp);
/** Return the element at position 'idx' of the fixed array field
* u1_sid_ed of the auth1_t in 'inp'.
*/
uint8_t auth1_get_u1_sid_ed(const auth1_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field
* u1_sid_ed of the auth1_t in 'inp', so that it will hold the value
* 'elt'.
*/
int auth1_set_u1_sid_ed(auth1_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 32-element array field u1_sid_ed of 'inp'.
*/
uint8_t * auth1_getarray_u1_sid_ed(auth1_t *inp);
/** Return the (constant) length of the array holding the slog field
* of the auth1_t in 'inp'.
*/
size_t auth1_getlen_slog(const auth1_t *inp);
/** Return the element at position 'idx' of the fixed array field slog
* of the auth1_t in 'inp'.
*/
uint8_t auth1_get_slog(const auth1_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field slog
* of the auth1_t in 'inp', so that it will hold the value 'elt'.
*/
int auth1_set_slog(auth1_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 32-element array field slog of 'inp'.
*/
uint8_t * auth1_getarray_slog(auth1_t *inp);
/** Return the (constant) length of the array holding the clog field
* of the auth1_t in 'inp'.
*/
size_t auth1_getlen_clog(const auth1_t *inp);
/** Return the element at position 'idx' of the fixed array field clog
* of the auth1_t in 'inp'.
*/
uint8_t auth1_get_clog(const auth1_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field clog
* of the auth1_t in 'inp', so that it will hold the value 'elt'.
*/
int auth1_set_clog(auth1_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 32-element array field clog of 'inp'.
*/
uint8_t * auth1_getarray_clog(auth1_t *inp);
/** Return the (constant) length of the array holding the scert field
* of the auth1_t in 'inp'.
*/
size_t auth1_getlen_scert(const auth1_t *inp);
/** Return the element at position 'idx' of the fixed array field
* scert of the auth1_t in 'inp'.
*/
uint8_t auth1_get_scert(const auth1_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field
* scert of the auth1_t in 'inp', so that it will hold the value
* 'elt'.
*/
int auth1_set_scert(auth1_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 32-element array field scert of 'inp'.
*/
uint8_t * auth1_getarray_scert(auth1_t *inp);
/** Return the (constant) length of the array holding the tlssecrets
* field of the auth1_t in 'inp'.
*/
size_t auth1_getlen_tlssecrets(const auth1_t *inp);
/** Return the element at position 'idx' of the fixed array field
* tlssecrets of the auth1_t in 'inp'.
*/
uint8_t auth1_get_tlssecrets(const auth1_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field
* tlssecrets of the auth1_t in 'inp', so that it will hold the value
* 'elt'.
*/
int auth1_set_tlssecrets(auth1_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 32-element array field tlssecrets of
* 'inp'.
*/
uint8_t * auth1_getarray_tlssecrets(auth1_t *inp);
/** Return the position for end_of_fixed_part when we parsed this
* object
*/
const uint8_t * auth1_get_end_of_fixed_part(const auth1_t *inp);
/** Return the (constant) length of the array holding the rand field
* of the auth1_t in 'inp'.
*/
size_t auth1_getlen_rand(const auth1_t *inp);
/** Return the element at position 'idx' of the fixed array field rand
* of the auth1_t in 'inp'.
*/
uint8_t auth1_get_rand(const auth1_t *inp, size_t idx);
/** Change the element at position 'idx' of the fixed array field rand
* of the auth1_t in 'inp', so that it will hold the value 'elt'.
*/
int auth1_set_rand(auth1_t *inp, size_t idx, uint8_t elt);
/** Return a pointer to the 24-element array field rand of 'inp'.
*/
uint8_t * auth1_getarray_rand(auth1_t *inp);
/** Return the position for end_of_signed when we parsed this object
*/
const uint8_t * auth1_get_end_of_signed(const auth1_t *inp);
/** Return the length of the dynamic array holding the sig field of
* the auth1_t in 'inp'.
*/
size_t auth1_getlen_sig(const auth1_t *inp);
/** Return the element at position 'idx' of the dynamic array field
* sig of the auth1_t in 'inp'.
*/
uint8_t auth1_get_sig(auth1_t *inp, size_t idx);
/** Change the element at position 'idx' of the dynamic array field
* sig of the auth1_t in 'inp', so that it will hold the value 'elt'.
*/
int auth1_set_sig(auth1_t *inp, size_t idx, uint8_t elt);
/** Append a new element 'elt' to the dynamic array field sig of the
* auth1_t in 'inp'.
*/
int auth1_add_sig(auth1_t *inp, uint8_t elt);
/** Return a pointer to the variable-length array field sig of 'inp'.
*/
uint8_t * auth1_getarray_sig(auth1_t *inp);
/** Change the length of the variable-length array field sig of 'inp'
* to 'newlen'.Fill extra elements with 0. Return 0 on success; return
* -1 and set the error code on 'inp' on failure.
*/
int auth1_setlen_sig(auth1_t *inp, size_t newlen);
/** Return a newly allocated certs_cell with all elements set to zero.
*/
certs_cell_t *certs_cell_new(void);
/** Release all storage held by the certs_cell in 'victim'. (Do
* nothing if 'victim' is NULL.)
*/
void certs_cell_free(certs_cell_t *victim);
/** Try to parse a certs_cell from the buffer in 'input', using up to
* 'len_in' bytes from the input buffer. On success, return the number
* of bytes consumed and set *output to the newly allocated
* certs_cell_t. On failure, return -2 if the input appears truncated,
* and -1 if the input is otherwise invalid.
*/
ssize_t certs_cell_parse(certs_cell_t **output, const uint8_t *input, const size_t len_in);
/** Return the number of bytes we expect to need to encode the
* certs_cell in 'obj'. On failure, return a negative value. Note that
* this value may be an overestimate, and can even be an underestimate
* for certain unencodeable objects.
*/
ssize_t certs_cell_encoded_len(const certs_cell_t *obj);
/** Try to encode the certs_cell from 'input' into the buffer at
* 'output', using up to 'avail' bytes of the output buffer. On
* success, return the number of bytes used. On failure, return -2 if
* the buffer was not long enough, and -1 if the input was invalid.
*/
ssize_t certs_cell_encode(uint8_t *output, const size_t avail, const certs_cell_t *input);
/** Check whether the internal state of the certs_cell in 'obj' is
* consistent. Return NULL if it is, and a short message if it is not.
*/
const char *certs_cell_check(const certs_cell_t *obj);
/** Clear any errors that were set on the object 'obj' by its setter
* functions. Return true iff errors were cleared.
*/
int certs_cell_clear_errors(certs_cell_t *obj);
/** Return the value of the n_certs field of the certs_cell_t in 'inp'
*/
uint8_t certs_cell_get_n_certs(certs_cell_t *inp);
/** Set the value of the n_certs field of the certs_cell_t in 'inp' to
* 'val'. Return 0 on success; return -1 and set the error code on
* 'inp' on failure.
*/
int certs_cell_set_n_certs(certs_cell_t *inp, uint8_t val);
/** Return the length of the dynamic array holding the certs field of
* the certs_cell_t in 'inp'.
*/
size_t certs_cell_getlen_certs(const certs_cell_t *inp);
/** Return the element at position 'idx' of the dynamic array field
* certs of the certs_cell_t in 'inp'.
*/
struct certs_cell_cert_st * certs_cell_get_certs(certs_cell_t *inp, size_t idx);
/** Change the element at position 'idx' of the dynamic array field
* certs of the certs_cell_t in 'inp', so that it will hold the value
* 'elt'. Free the previous value, if any.
*/
int certs_cell_set_certs(certs_cell_t *inp, size_t idx, struct certs_cell_cert_st * elt);
/** As certs_cell_set_certs, but does not free the previous value.
*/
int certs_cell_set0_certs(certs_cell_t *inp, size_t idx, struct certs_cell_cert_st * elt);
/** Append a new element 'elt' to the dynamic array field certs of the
* certs_cell_t in 'inp'.
*/
int certs_cell_add_certs(certs_cell_t *inp, struct certs_cell_cert_st * elt);
/** Return a pointer to the variable-length array field certs of
* 'inp'.
*/
struct certs_cell_cert_st * * certs_cell_getarray_certs(certs_cell_t *inp);
/** Change the length of the variable-length array field certs of
* 'inp' to 'newlen'.Fill extra elements with NULL; free removed
* elements. Return 0 on success; return -1 and set the error code on
* 'inp' on failure.
*/
int certs_cell_setlen_certs(certs_cell_t *inp, size_t newlen);
#endif

View File

@ -0,0 +1,57 @@
struct certs_cell {
u8 n_certs;
struct certs_cell_cert certs[n_certs];
}
const CERTTYPE_RSA1024_ID_LINK = 1;
const CERTTYPE_RSA1024_ID_ID = 2;
const CERTTYPE_RSA1024_ID_AUTH = 3;
const CERTTYPE_ED_ID_SIGN = 4;
const CERTTYPE_ED_SIGN_LINK = 5;
const CERTTYPE_ED_SIGN_AUTH = 6;
const CERTTYPE_RSA1024_ID_EDID = 7;
struct certs_cell_cert {
u8 cert_type;
u16 cert_len;
u8 body[cert_len];
}
struct rsa_ed_crosscert {
u8 ed_key[32];
u32 expiration;
@ptr end_of_signed;
u8 sig_len;
u8 sig[sig_len]; // mismatches spec.
}
struct auth_challenge_cell {
u8 challenge[32];
u16 n_methods;
u16 methods[n_methods];
}
context auth_ctx {
u8 is_ed;
}
struct auth1 with context auth_ctx {
u8 type[8];
u8 cid[32];
u8 sid[32];
union u1[auth_ctx.is_ed] {
0 : ;
1 : u8 cid_ed[32];
u8 sid_ed[32];
default: fail;
};
u8 slog[32];
u8 clog[32];
u8 scert[32];
u8 tlssecrets[32];
@ptr end_of_fixed_part;
u8 rand[24];
@ptr end_of_signed;
u8 sig[];
}